Skip to content
← Legal

AI-Pentest Addendum

Effective: Last updated:

This AI-Pentest Addendum (the “Addendum”) governs your use of Fimil’s autonomous penetration-testing agent (the “Agent”) and supplements the Terms of Service and, where applicable, the Master Subscription Agreement (“MSA”) between you (“Customer”) and Fimil, Inc. (“Fimil”). Because the Agent performs active, offensive security testing against live systems, this Addendum sets out the authorization you must give, the scope and limits of testing, the safety controls Fimil applies, and how risk is allocated.

This Addendum is Fimil’s standard form for AI-assisted penetration testing. Where an executed Order Form or MSA conflicts with this page, that signed agreement controls.

1. Definitions

  • “Target” — a web application, API, or HTTP-reachable endpoint that Customer configures for testing, identified by the hosts on the policy allowlist.
  • “Authorized Scope” — the set of hosts Customer has listed as in-scope for a testing policy (the policy allowed_hosts), together with any authentication and options Customer configures.
  • “Engagement” — a penetration-test run executed by the Agent against a Target within the Authorized Scope.
  • “Testing Window” — the period during which an Engagement runs.

2. Authorization warranty and target ownership

Customer may run the Agent only against Targets it owns or is explicitly authorized to test. Before any Engagement can execute, Customer must attest in the product that it owns or is authorized to test the hosts in the Authorized Scope. The Service records this attestation (including the attesting user and timestamp) and will not start a run unless the attestation is present.

Customer represents and warrants, for each Engagement, that: (a) it owns or has obtained explicit, documented authorization to perform offensive security testing of every host in the Authorized Scope; (b) the Authorized Scope does not include any system Customer is not entitled to test; and (c) it has obtained any additional pre-authorization required by a third party that hosts or operates the Target (for example, a cloud or infrastructure provider’s penetration-test notification or authorization requirements). These representations survive termination.

3. Scope and nature of testing

The Agent performs application-layer (HTTP/API, “DAST”) testing only. It probes the Target’s web and API surface for vulnerabilities across a defined set of vectors — currently including SQL injection, cross-site scripting, SSRF, IDOR/authorization, mass assignment, prompt injection, SSTI, LDAP and XPath injection, XXE, command injection, path traversal, JWT attacks, and insecure deserialization.

The Agent does not test cloud-provider control planes or infrastructure APIs. It does not use your AWS, Azure, or GCP credentials and does not perform cloud-account assessment; Fimil’s separate cloud-posture (CSPM) scanning is governed by your general subscription, not this Addendum.

4. Safety controls Fimil applies

Fimil operates the Agent with the following technical guardrails. These reduce, but do not eliminate, the inherent risks of active security testing:

  • Scope enforcement. A runtime scope guard blocks requests to hosts outside the Authorized Scope and unconditionally blocks private/internal network ranges and cloud-metadata endpoints; off-scope attempts are refused and recorded.
  • Non-destructive by default. Potentially state-changing methods (DELETE/PATCH/PUT) are blocked unless Customer explicitly enables destructive testing (see Section 5).
  • Rate and budget limits. Per-host and per-run request-rate caps and a hard per-run spend budget bound the Agent’s activity.
  • Kill switch. Customer can abort an Engagement at any time; outbound testing traffic stops promptly (target service-level: within ~2 seconds of abort).
  • Immutable audit trail. Each Engagement records the requests attempted, outcomes, and evidence for reproducibility and review.

5. Destructive testing

Destructive testing is off by default. Customer may opt in to allow state-changing requests. If Customer enables destructive testing, Customer represents that the Target is appropriately prepared for it (for example, a non-production or backed-up environment where appropriate) and accepts the heightened risk of data modification or service disruption that such testing entails.

6. Allocation of testing risk

Active security testing can cause unintended effects on a Target, including errors, data changes, or service disruption. As between the parties, and to the maximum extent permitted by law, Customer assumes the risk of testing it authorizes against its own or its authorized systems. Customer will defend, indemnify, and hold Fimil harmless from any claim arising out of testing of a Target that Customer was not authorized to test. Fimil’s liability arising out of an Engagement is subject to the limitations of liability in the MSA (or Terms of Service, as applicable). (Specific liability figures and any testing-damage carve-outs are subject to the MSA and to review by counsel.)

7. Incidental sensitive data

During testing, the Agent may incidentally receive sensitive data — including personal data or secrets — in the responses of the Target it is authorized to test. To limit exposure, Fimil: truncates large response bodies (currently at approximately 1 MB) before they are processed or stored; applies automated redaction of common categories of personal data (such as email addresses, government identifiers, phone numbers, and payment-card numbers) and secrets (such as API keys, tokens, and private keys) before evidence is retained; stores the remaining evidence encrypted as part of the Engagement’s audit trail; and purges Engagement audit data on a configurable schedule (default 365 days). Handling of personal data is further governed by the Data Processing Agreement, whose data map reflects that offensive testing can surface such data.

8. Authenticated testing and credentials

Where Customer configures authenticated testing (for example, TOTP-based multi-factor login), the credentials Customer provides are encrypted at rest and used solely to authenticate the Agent to the Target within the Authorized Scope for the purpose of the Engagement.

9. Prohibited use

Use of the Agent is subject to the Acceptable Use Policy. Customer must not use the Agent to test systems it is not authorized to test, to cause unnecessary harm or disruption, or to circumvent the scope controls described above.

10. Relationship to other agreements

This Addendum supplements and forms part of the MSA (or, for self-serve customers, the Terms of Service). The Data Processing Agreement governs the processing of personal data. In the event of a conflict regarding the Agent specifically, this Addendum controls over the general MSA terms; an executed Order Form controls over both where it expressly so provides.

11. Contact

Questions about this Addendum: legal@fimil.dev. Security matters: security@fimil.dev.