sentinel-r2.1 / README.md
pranavms13's picture
Replace weights with freshly merged bf16 build; set eval scores to pending
01ce5ee verified
|
Raw
History Blame Contribute Delete
11.8 kB
---
license: other
license_name: glyph-proprietary-1.0
license_link: LICENSE
base_model: empero-ai/Qwythos-9B-v2
library_name: transformers
pipeline_tag: text-generation
language:
- en
tags:
- security
- penetration-testing
- offensive-security
- red-team
- cybersecurity
- agent
- tool-use
- reasoning
- sft
- trl
- unsloth
inference: false
extra_gated_prompt: >-
This model is the proprietary property of Glyph Software LLP. Access is
granted only to authorized licensees under a signed agreement. This is an
offensive-security agent intended solely for authorized penetration testing
and security research. By requesting access you confirm you are an authorized
user, that you will only use it against systems you are explicitly permitted
to test, and that you agree to the terms in the LICENSE file.
extra_gated_fields:
Company: text
Authorized use case: text
I confirm I will only use this model against systems I am authorized to test: checkbox
I agree to the Glyph Proprietary License: checkbox
datasets:
- glyphsoftware/sentinel-exploit-db
---
# Sentinel-R2.1
> **Proprietary & Confidential.** Sentinel-R2.1 is the exclusive property of
> **Glyph Software LLP**. It is **not** open source and is distributed under a
> proprietary, all-rights-reserved license. See the [License](#license) section
> and the bundled [`LICENSE`](LICENSE) file.
Sentinel-R2.1 is an **offensive-security agent** for **authorized penetration
testing**. Given a target scope and a shell-`execute` tool, it enumerates the
target, works out a foothold, escalates privileges as far as it can, and writes
up the full attack path — the root cause of each weakness it exploits and how to
fix it. It is a reasoning + tool-use model: it plans, issues tool calls, reasons
over the results, and iterates toward its objective.
This repository contains the **full merged model weights** — the Sentinel-R2.1
LoRA adapter fused into its base model. Unlike the
[adapter repository](https://huggingface.co/glyphsoftware/sentinal-r2-lora), it
loads directly with `transformers` and requires no separate base download or
PEFT step.
> **MTP head included.** These weights bundle the base's multi-token-prediction
> head (`mtp.*` tensors, `mtp_num_hidden_layers: 1`) for speculative decoding.
> `transformers` ignores these tensors on load (no behavior change), but runtimes
> that implement the Qwen3.5 MTP head — e.g. **vLLM** (`Qwen3_5ForConditionalGeneration`
> + `speculative_config` `method: "mtp"`) — can use them as a self-speculative
> draft. For a ready-to-serve GGUF with the same head wired in, see
> [`glyphsoftware/sentinel-r2.1-gguf`](https://huggingface.co/glyphsoftware/sentinel-r2.1-gguf)
> (`llama-server --spec-type draft-mtp`).
## Model Details
### Model Description
- **Developed & curated by:** Glyph Software LLP
- **Model persona / identity:** `Sentinel-R2.1`
- **Model type:** Merged full-weight causal decoder-only transformer; instruction-, reasoning-, and tool-use-tuned
- **Architecture:** `Qwen3_5ForConditionalGeneration` (hybrid linear/full-attention, 32 layers, hidden size 4096)
- **Base model:** [`empero-ai/Qwythos-9B-v2`](https://huggingface.co/empero-ai/Qwythos-9B-v2)
- **Precision:** bfloat16 (16-bit merged weights)
- **Context length:** up to 1,048,576 tokens (native)
- **Task type:** `CAUSAL_LM`
- **Languages:** English (with embedded shell commands and source code across many languages)
- **Finetuning method:** Supervised fine-tuning (SFT, LoRA) on curated authorized-pentest agent trajectories, then merged to 16-bit
- **License:** Proprietary — Glyph Proprietary License v1.0 (all rights reserved)
### Model Sources
- **Repository:** `glyphsoftware/sentinel-r2.1` (gated)
- **Base model:** `empero-ai/Qwythos-9B-v2`
## Intended Use
### Primary intended uses
- **Authorized penetration testing:** Autonomous or human-in-the-loop
enumeration, foothold discovery, and privilege escalation against systems the
operator is explicitly permitted to test.
- **Attack-path reporting:** Producing clear write-ups of each exploited
weakness, its root cause, and concrete remediation guidance.
- **Red-team tooling and security research:** Driving agentic workflows that use
a shell/`execute` tool in isolated lab or authorized engagement environments.
### Out-of-scope and prohibited uses
- **Any use against systems you are not explicitly authorized to test.**
- Unauthorized access, disruption, data theft, or any use violating applicable
law or the proprietary license.
- Any use outside Glyph Software LLP or its authorized licensees.
- Fully unattended operation without appropriate scoping, guardrails, and human
oversight.
## Benchmarks
Benchmark scores for this build are **pending re-evaluation**. This repository was
updated with freshly merged bf16 weights (base `empero-ai/Qwythos-9B-v2`);
evaluation on this build has not yet completed. Prior published figures were
measured on an earlier Sentinel-R2.1 build and are not carried over.
| Task | Metric | Sentinel-R2.1 (this model) |
|------|--------|--------------------------|
| gsm8k (5-shot) | exact_match (strict) | _pending_ |
| gsm8k (5-shot) | exact_match (flexible) | _pending_ |
| mmlu (0-shot) | acc | _pending_ |
| arc_challenge (0-shot) | acc | _pending_ |
| arc_challenge (0-shot) | acc_norm | _pending_ |
| gpqa_diamond (CoT, 0-shot) | exact_match (flexible) | _pending_ |
Evaluation will be run with [EleutherAI lm-evaluation-harness](https://github.com/EleutherAI/lm-evaluation-harness)
(transformers backend, single GB10, `dtype=bfloat16`) and figures published here
once complete.
## Training Data
Sentinel-R2.1 was fine-tuned on a curated set of **authorized penetration-test
agent trajectories**. Each example is a multi-turn conversation in which the
assistant is given an isolated-lab target and a shell `execute` tool, and works
through enumeration → foothold → privilege escalation → remediation write-up,
interleaving reasoning, tool calls, and tool results.
| Property | Value |
|---|---|
| Training examples | 142 |
| Format | Multi-turn `messages` (system / user / assistant / tool) with tool calls |
| Tooling | Single `execute` shell tool |
| Framing | Authorized engagements in isolated lab networks |
All scenarios are explicitly scoped as authorized testing against lab targets.
## Prompt Format
Sentinel-R2.1 uses a chat template with `system`, `user`, `assistant`, and `tool`
roles, and supports tool calling. The system message establishes the pentester
persona and the engagement rules; the model responds with reasoning and
`execute` tool calls, consumes the tool results, and continues until it reaches
its objective and produces a write-up.
### Recommended system prompt
```
You are an expert penetration tester carrying out an authorized engagement in
an isolated lab. You have an execute tool to run shell commands from your
attacking host. Enumerate the target thoroughly, work out a foothold, escalate
your privileges as far as you can (root or Administrator/SYSTEM), and then write
up the full attack path — the root cause of each weakness you exploit and how to
fix it.
```
## How to Use
> Access to these weights requires an authorized Hugging Face token for the
> gated/private repository. These are full merged weights — no adapter or base
> download is required.
```python
import torch
from transformers import AutoModelForCausalLM, AutoTokenizer
model_id = "glyphsoftware/sentinel-r2.1"
tokenizer = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForCausalLM.from_pretrained(
model_id, device_map="auto", torch_dtype="auto"
)
system = (
"You are an expert penetration tester carrying out an authorized engagement "
"in an isolated lab. You have an execute tool to run shell commands from your "
"attacking host. Enumerate the target thoroughly, work out a foothold, escalate "
"your privileges as far as you can, and then write up the full attack path — "
"the root cause of each weakness you exploit and how to fix it."
)
messages = [
{"role": "system", "content": system},
{"role": "user", "content": "Assess the authorized lab host at 10.129.0.10."},
]
inputs = tokenizer.apply_chat_template(
messages, add_generation_prompt=True, return_tensors="pt"
).to(model.device)
out = model.generate(inputs, max_new_tokens=1024, temperature=0.3, top_p=0.9)
print(tokenizer.decode(out[0][inputs.shape[-1]:], skip_special_tokens=True))
```
The model emits `execute` tool calls; your harness is responsible for running
those commands **only within an authorized, isolated environment** and feeding
the results back as `tool` messages.
### Recommended generation settings
| Parameter | Value |
|---|---|
| `temperature` | 0.2 – 0.4 |
| `top_p` | 0.9 |
| `max_new_tokens` | 1024+ (reasoning and tool calls consume tokens) |
## Training Procedure
| Hyperparameter | Value |
|---|---|
| Method | Supervised fine-tuning (LoRA), merged to 16-bit |
| Base model | `empero-ai/Qwythos-9B-v2` |
| LoRA rank / alpha | 16 / 16 |
| LoRA dropout | 0.0 |
| Target modules | attention + MLP projections (`q,k,v,o,gate,up,down`) |
| Max sequence length | 16,384 |
| Epochs | 3 |
| Batch size × grad accum | 2 × 4 (effective 8) |
| Training steps | 54 |
| Learning rate | 2e-4 |
| Optimizer | `adamw_torch_fused` |
| Precision | bf16 (non-4bit) |
| Final training loss | ~0.595 |
Trained with [Unsloth](https://github.com/unslothai/unsloth), TRL, and PEFT, then
the adapter was merged into the base weights and exported in bf16.
## Limitations and Risks
- **Not a substitute for a skilled operator.** Outputs may be incorrect,
incomplete, or unsafe to run. Every command must be reviewed before execution.
- **Powerful dual-use capability.** This model is designed to compromise
systems. It must only ever be pointed at targets you are explicitly authorized
to test, in isolated environments, with human oversight.
- **Small training set.** The model was trained on a modest number of
trajectories; coverage of tools, platforms, and techniques is limited and
biased toward the scenarios in the training data.
- **Reasoning is not ground truth.** The model's plans and explanations are aids,
not verified proofs; validate all findings independently.
- **Harness responsibility.** Command execution, scoping, network isolation, and
guardrails are the responsibility of the operator and the surrounding harness,
not the model.
## License
**Proprietary — All Rights Reserved.**
Sentinel-R2.1, including these merged weights, its configuration, tokenizer, and
all associated artifacts, is the confidential and proprietary property of
**Glyph Software LLP**. It is **not** released under any open-source license and
is governed by the **Glyph Proprietary License v1.0** in the bundled
[`LICENSE`](LICENSE) file.
No part of this model may be copied, distributed, published, sublicensed,
merged into another model, distilled, or used to train or evaluate any other
model, except by Glyph Software LLP or parties holding explicit prior written
permission. Access does not grant any ownership or license rights beyond those
expressly granted in writing.
© 2026 Glyph Software LLP. All rights reserved.
## Citation
```bibtex
@misc{glyphsoftware_sentinel_r2.1,
title = {Sentinel-R2.1: An Authorized Penetration-Testing Agent},
author = {Glyph Software LLP},
year = {2026},
note = {Proprietary model. All rights reserved.}
}
```
## Contact
For licensing, access requests, or security inquiries, contact Glyph Software LLP.
[<img src="https://raw.githubusercontent.com/unslothai/unsloth/main/images/unsloth%20made%20with%20love.png" width="200"/>](https://github.com/unslothai/unsloth)