AI Transparency Notice and AI Bill of Materials
Effective date: 2026-06-02
Last updated: 2026-06-02
Plain-language summary (this box is a summary, not the legal text):
- HackZero runs penetration tests using autonomous AI agents, not only human testers. When you receive findings, you are receiving output generated by an AI system working from a documented methodology.
- The AI is non-deterministic. The same target can produce different test paths and different findings across engagements. We do not promise to find every vulnerability, and we do not promise to reproduce a prior engagement’s findings.
- We do not use your data, source code, configurations, or findings to train, fine-tune, or improve any AI or machine-learning model. You own your Inputs and your Outputs. You may audit this commitment.
- Every finding rated High or Critical ships with exploit-reproduction evidence (steps, request and response artifacts, agent reasoning trace) so you can independently verify it before you act on it.
- There is a human-in-the-loop review step and a published kill-switch. Our agents are bound by the Rules of Engagement (RoE) you sign: a target list, a blast-radius limit, and a hard technical scope boundary.
- Our “find an exploit or it’s free” offer is a billing commitment, not a security guarantee. It does not mean your systems are free of vulnerabilities.
This Notice is published to satisfy AI-transparency obligations in the markets we sell into and to give you the information procurement and risk teams need. Questions: [email protected].
1. Scope, definitions, and how this Notice fits the other documents
1.1 Who we are
“HackZero”, “we”, “us”, or “our” means Agentic Security, Inc., a Delaware corporation, doing business as “HackZero”, with its principal place of business and notice address at 2810 N Church St STE 88242, Wilmington, Delaware 19802, United States. Our website is hackzero.ai and the product dashboard is at dashboard.hackzero.ai.
“You”, “your”, or “Customer” means the organization or individual that has signed up for, contracted for, or uses the Services.
1.2 What the Services are
The “Services” are HackZero’s AI penetration-testing and AI red-team platform. In summary, the Services (1) read your source code through a read-only GitHub application, (2) run autonomous, large-language-model-driven attacks (using a real browser, scanners, and a library of exploitation skills) against your live web application within an authorized scope, and (3) return exploit-validated findings together with compliance evidence mapped to frameworks such as SOC 2, HIPAA, PCI-DSS 4.0, and ISO/IEC 27001.
1.3 What this Notice covers, and what it does not
This Notice explains how artificial intelligence is used inside the Services, what data the AI receives, how that data is handled, what the AI can and cannot be relied upon to do, and how AI-related legal risk is allocated. This Notice is a published transparency document. It is not the contract that governs your use of the Services.
The binding terms live in:
- the Terms of Service (/legal/terms);
- the Privacy Policy (/legal/privacy);
- the Data Processing Addendum (“DPA”, /legal/dpa);
- the Acceptable Use Policy (“AUP”, /legal/acceptable-use);
- the Subprocessor List (/legal/subprocessors);
- the Rules of Engagement (“RoE”) that every Customer signs before any scan runs; and
- for Enterprise customers, the negotiated Master Services Agreement (“MSA”).
Where this Notice describes a commitment that also appears in those documents (for example, the no-training commitment in MSA § 5.3), the binding text in the contract controls. Where this Notice and a signed MSA conflict, the MSA controls for that Customer. This Notice does not create rights beyond, or inconsistent with, those agreements. Related documents you may need: the Cookie Policy (/legal/cookies), the Vulnerability Disclosure Policy (/legal/security), and the Refund and Cancellation Policy (/legal/refunds).
1.4 Defined AI terms used in this Notice
- “AI agent” or “agent”: an autonomous software process that plans, executes, and reports on testing using a large language model for reasoning, together with tools (browser, scanners, exploitation skills).
- “Model” or “foundation model”: the enterprise-grade large language model that performs the agent’s reasoning, provided by a reputable third party and/or operated by HackZero. Where the model is provided by a third party, we act as a deployer of that model and do not build or own it.
- “Input”: data you provide to, or that the Services read on your behalf into, the AI pipeline, including source code, configuration, target definitions, and scan parameters.
- “Output”: the findings, exploit reproductions, evidence artifacts, scores, narratives, and reports the Services generate for you.
- “Customer Data”: Input, Output, and any personal or confidential data observed during an engagement, as further defined in the DPA and MSA.
- “Hallucination”: AI output that is fabricated or not grounded in the actual target, for example an invented vulnerability or invented evidence.
- “False positive”: a real observation misclassified, mis-scored, or assigned the wrong weakness category.
- “False negative”: a real vulnerability that the Services did not detect or report.
2. We use autonomous AI agents to perform penetration testing (plain disclosure)
We want this to be unambiguous.
HackZero performs security testing using autonomous AI agents that plan, execute, and report on penetration tests with limited human direction. When you use the Services, you are interacting with, and receiving findings generated by, an AI system.
HackZero uses one or more enterprise-grade foundation models, provided by reputable third parties and/or operated by HackZero, to power its autonomous testing agents and to generate report narratives. HackZero selects, configures, and maintains these models, and the specific models and configurations may evolve over time as the technology matures. Whichever model is used, the data-protection and confidentiality commitments stated here apply (see the AI Bill of Materials in Section 3). The agents act through a real browser, network and application scanners, and a library of more than twenty exploitation skills. The agents decide, within the scope you authorize, which paths to test and which techniques to apply.
AI agents exhibit non-deterministic behavior. Identical inputs may produce different test paths and different findings across engagements. This is a property of how the technology works, not a defect. We explain the consequences in Section 5.
This disclosure is made so that you, your end users, and any regulator can know that testing is AI-driven. It is also the predicate for the per-finding evidence and disclaimer described in Section 5, and it supports our transparency obligations under the EU AI Act (Article 50), the Utah Artificial Intelligence Policy Act, and comparable US-state and Latin American measures described in Section 9.
3. AI Bill of Materials (AI-BOM)
3.1 What the AI-BOM is
The AI Bill of Materials (“AI-BOM”) is the inventory of the AI components that compose the Services. It is the AI analogue of a Software Bill of Materials (SBOM). We publish a summary AI-BOM so that your security, privacy, and procurement teams can evaluate the Services without a sales call. The concept is grounded in:
- US federal SBOM practice under Executive Order 14028 (May 12, 2021);
- the CISA 2024 Roadmap for Artificial Intelligence (voluntary US federal guidance);
- the EU AI Act, Regulation (EU) 2024/1689, Article 11 and Annex IV (technical documentation) and Article 53 with Annex XI (general-purpose AI documentation);
- the NIST AI Risk Management Framework, NIST AI 100-1 (January 2023) and the Generative AI Profile, NIST AI 600-1 (July 2024), control Govern 1.4;
- the OpenSSF AI-BOM work and its proposed SPDX 3.0 extension; and
- ISO/IEC 42001:2023 (AI management systems) component-inventory expectations.
3.2 Summary AI-BOM table
The following is the current production summary AI-BOM. It is also published at /legal/ai-bom and cross-referenced from the Subprocessor List (/legal/subprocessors). The Subprocessor List is the legal artifact identifying processors of personal data; this AI-BOM is the technical artifact describing AI components.
| Component | Description | Purpose in the pipeline | Data the model receives | Data handling (training / retention) | Human oversight | Fallback / limitations |
|---|---|---|---|---|---|---|
| Reasoning model | One or more enterprise-grade foundation models, provided by reputable third parties and/or operated by HackZero. HackZero selects, configures, and maintains these models, and the specific models and configurations may evolve over time as the technology matures. Whichever model is used, the data-protection and confidentiality commitments in this Notice apply. | Agent reasoning: planning test paths, selecting exploitation skills, interpreting target responses, drafting finding narratives and compliance-mapping text. | Target and scan context (in-scope hosts, domains, IPs, repositories, scan configuration); source-code excerpts read through the read-only GitHub application; captured request and response artifacts needed to reason about a finding. The agent is instructed to extract the minimum data necessary to prove a finding, not to perform raw exfiltration. | No training and zero data retention for all Customer Data processed through the Services (enterprise posture). Inference-time use only: no training, no fine-tuning, and no retrieval indexing that would allow cross-tenant retrieval. Where a third-party model provider is engaged, we require the same restriction. See Section 4 and MSA § 5.3. | All findings rated High or Critical require human review before you are expected to rely on them. A named, verifiable kill-switch contact can pause testing (Section 6). | The model is non-deterministic (Section 5). It can hallucinate, mis-classify, or miss findings. It does not replace human security review, secure development practices, defense-in-depth, or continuous monitoring. If a model becomes unavailable, agent reasoning continues on another enterprise-grade model subject to the same data-protection and confidentiality commitments. |
| Document narrative generation | The same foundation-model component described above, configured for narrative generation. | Generating the human-readable report narrative, remediation guidance, and framework-mapping language around validated findings. | Validated findings, severity scores, and the evidence already gathered; not used to introduce new findings without the underlying agent evidence. | Same no-training, zero-retention posture. | Narrative is reviewed alongside the High and Critical finding review. | Generated prose may contain inaccuracies; the underlying finding and evidence control over any narrative summary. |
3.3 Detailed and customer-specific AI-BOM
The summary above is public. A more detailed AI-BOM, including framework and tool versions, licenses, and the full exploitation-skill inventory, is treated as confidential because it describes our tool chain. We will provide:
- a detailed AI-BOM on request, subject to confidentiality obligations; and
- a customer-specific AI-BOM that lists only the AI components actually used in your engagement, on request.
3.4 Change notice for the AI-BOM
We will give at least thirty (30) days’ advance notice of any material change to the AI-BOM, including a change of the upstream foundation-model provider. If a material change is material to your own regulatory or compliance position, you may terminate the affected Services without penalty, as further set out in the Terms (/legal/terms) and any applicable MSA. Notice is given through the dashboard and, where you have provided a contact, by email.
4. The no-training commitment
4.1 The commitment
No training on your data. We do not use your Customer Data, source code, or findings to train or fine-tune foundation models, and we require any third-party model provider we engage to apply the same restriction. You retain ownership of your Inputs and of the findings and reports the Services generate for you.
Service quality and evaluation. We may process de-identified and aggregated information derived from use of the Services to operate, secure, evaluate, benchmark, and improve the quality, accuracy, and reliability of the Services, including our detection capabilities and our internal model and system evaluations. De-identified and aggregated information does not identify you, your organization, or any individual, and is not used to train third-party foundation models on your identifiable data.
The operative contractual text is MSA § 5.3 (AI-Training Prohibition), which is a material term and, under the MSA, sits outside the liability cap. The DPA (/legal/dpa) carries the matching processor obligation, and the Privacy Policy (/legal/privacy) describes it for individuals.
4.2 What this covers
The prohibition covers Customer Data in the broadest sensible reading, including:
- source code you connect through the read-only GitHub application;
- any source code, configuration, or file the agent observes on in-scope infrastructure during an engagement, even if you did not hand it over directly;
- target definitions, scan configurations, and captured request and response artifacts; and
- findings, exploit reproductions, and reports.
We use Customer Data only to perform the contracted Services for you, inside an isolated and non-persistent execution environment, meaning: inference-time use only; no training; no fine-tuning; no retrieval indexing that would allow cross-tenant retrieval; per-engagement isolated workspaces; in-memory context; and no persistent vector store keyed to a Customer.
4.3 What we are permitted to do (kept narrow)
Consistent with Section 4.1, we may process de-identified and aggregated information derived from use of the Services to operate, secure, evaluate, benchmark, and improve the quality, accuracy, and reliability of the Services, including our detection capabilities and our internal model and system evaluations, for example aggregated detection metrics (false-positive rates, time-to-find) and abstracted vulnerability patterns expressed at a level that cannot be traced to you. De-identified and aggregated information does not identify you, your organization, or any individual, and is not used to train third-party foundation models on your identifiable data. We may not use your source code, your specific configurations, or Customer-identifying data outside the engagement. This carve-out is described further in the MSA and DPA.
4.4 Upstream flow-through
Where we engage a third-party model provider, that provider is configured for zero data retention and no model training on Customer Data, and we flow the no-training commitment down to that upstream subprocessor. Because we select the subprocessor, breach of the no-training or subprocessor obligations carries uncapped liability under the MSA.
4.5 Your right to audit
You may, no more than once per year, request a SOC 2 or ISO/IEC 27001 report or an equivalent third-party attestation evidencing the no-training posture, and you may audit, no more than annually, to confirm that no Customer Data has been used in model training. We will provide written evidence of the zero-retention and no-training configurations on request, subject to confidentiality obligations. The audit mechanics are governed by the DPA and any applicable MSA.
4.6 Why this matters legally
Source code and engagement data can implicate copyright (for example 17 U.S.C. § 102(a) and the Berne Convention; in Latin America, Mexico’s Ley Federal del Derecho de Autor Article 5, Brazil’s Lei 9.610/1998 Article 7, Argentina’s Ley 11.723, and Colombia’s Ley 23 de 1982), trade-secret law (for example the US Defend Trade Secrets Act, 18 U.S.C. § 1839, and California’s Uniform Trade Secrets Act, Cal. Civ. Code § 3426), and data-protection law (for example LGPD Article 5(I) and Mexico’s LFPDPPP). The no-training commitment, the narrow carve-out, and the audit right are designed to keep your rights in your code and data intact.
5. AI accuracy: hallucination, false-positive, and false-negative disclaimer
Read this section carefully. It limits what you may rely on the Services to do.
5.1 The findings are probabilistic, not guaranteed
The Services use autonomous AI agents that exhibit non-deterministic behavior. We warrant our methodology, not our output. Our methodology follows recognized standards, including the Penetration Testing Execution Standard (PTES) and the OWASP Web Security Testing Guide (WSTG), and our AI-risk management follows the NIST AI Risk Management Framework (NIST AI 100-1 and the Generative AI Profile, NIST AI 600-1). We do not warrant any individual finding.
Specifically:
- We do not warrant that the Services will reproduce, on a later engagement, a finding produced on an earlier one.
- We do not warrant that any particular class of vulnerability will be detected by any particular engagement.
- AI output may contain inaccuracies, including hallucinated findings (fabricated vulnerabilities or evidence), false positives (a real observation mis-classified or mis-scored), and false negatives (a real vulnerability that is missed).
No tool, human or AI, finds every vulnerability. We do not guarantee that all vulnerabilities will be found. AI-based testing supplements, and does not replace, human security review, a secure development lifecycle, defense-in-depth controls, and continuous monitoring.
5.2 Every High and Critical finding ships with reproduction evidence
To let you separate a real finding from a false one, every finding rated High or above is delivered with reproduction evidence: the test steps, the captured request and response artifacts (with personal data redacted where feasible), a request identifier and timestamp, and the agent’s reasoning trace. We score findings using CVSS (v3.1 and v4.0) and disclose the score so that you can re-score against your own environment.
Each such finding carries this notice:
“This finding was produced by an autonomous AI agent. AI-generated findings may contain inaccuracies, including misclassification, exaggerated severity, or fabricated evidence. Before you remediate, publicly disclose, or report this finding to a regulator, you should independently verify it by reproducing the documented test steps and reviewing the captured request and response artifacts. The accuracy disclaimer in this AI Transparency Notice and the corresponding section of the Terms apply.”
5.3 You must validate before relying on findings for compliance
The Services produce compliance-mapping evidence (for example, mappings to SOC 2, HIPAA, PCI-DSS 4.0, and ISO/IEC 27001). You must independently validate findings before relying on them for any compliance attestation, regulatory filing, audit response, public disclosure, or representation to a third party. A finding is decision-support, not a certification. We are not your auditor, and a HackZero report is not a certification of compliance.
5.4 Service credits, not damages
Where we publish accuracy targets (for example, a target false-positive rate for High-and-above findings measured quarterly, or a hallucination-rate target), missing a published target triggers a service credit, not a damages remedy. Service-credit mechanics are set out in the Terms and any applicable MSA. This Notice does not itself create a damages remedy for accuracy.
5.5 Truthful-AI-claims compliance
This Section is also how we comply with the US Federal Trade Commission Act, Section 5 (15 U.S.C. § 45), and the FTC’s “Operation AI Comply” enforcement posture (announced September 2024): we do not claim the Services find all vulnerabilities, are complete, or guarantee detection. Our testing is point-in-time and methodology-bounded.
6. Human-in-the-loop, kill-switch, and autonomous-agent guardrails
6.1 Human-in-the-loop
A human reviews findings before you are expected to rely on them. The mandatory human-review threshold is all findings rated High and Critical. This maps to the human-oversight expectation in Article 14 of the EU AI Act and is the basis for the per-finding evidence and disclaimer in Section 5.
6.2 Kill-switch
We publish a kill-switch protocol with a named, verifiable Customer contact. The agent reports immediately and pauses testing on any scope deviation. Confirmed critical vulnerabilities (CVSS 9.0 or higher) are escalated to the Customer contact within four (4) hours of confirmed discovery. The kill-switch is exercised through the dashboard and the contact path set out in your RoE. The kill-switch four-hour escalation, the all-High-and-Critical human-review threshold (Section 6.1), and the CVSS scoring commitments are mirrored into the RoE, MSA, and Terms so this Notice is not the sole source of these representations.
6.3 Scope guardrails (RoE-bound, blast-radius-limited, target-list-bound)
Every Customer signs a Rules of Engagement before any scan runs. The RoE is the hard technical boundary, not advisory guidance. The agent:
- operates only against the in-scope target list (hosts, domains, IPs, repositories) you authorize;
- respects a Customer-configurable blast-radius limit;
- hard-stops at the RoE-listed scope boundary and requires explicit Customer approval before pivoting to any newly discovered asset, including transitive infrastructure reached through DNS, IP, or application pivots;
- extracts the minimum data necessary to prove a finding, rather than performing raw exfiltration; and
- writes an audit trail sufficient to prove what the agent did, when, and under whose authorization.
The authorization-to-test warranty (you warrant you own or are authorized to test every target) lives in the Terms and AUP (/legal/terms, /legal/acceptable-use). High-risk targets are out of scope: do not point the Services at systems where failure could cause death, personal injury, or environmental damage (for example, life-support systems, emergency services, nuclear facilities, autonomous vehicles, or air-traffic control).
7. Risk allocation for agent misbehavior and prompt injection (high-level)
This Section is a plain summary. The binding allocation is in the Terms, AUP, DPA, and any applicable MSA, which control.
7.1 Agent misbehavior (split rule)
- If the agent deviates because of its own reasoning failure (for example, target drift or recursive expansion beyond scope), we are responsible, regardless of how you scoped the engagement. We own our AI failure modes.
- If a deviation results from a Customer scoping error or a misrepresented or unauthorized target, the Customer carries the allocated risk, consistent with the authorization warranty and indemnity in the Terms and AUP.
We treat the AI agent as our tool and ourselves as the operator of the agent for liability and regulatory purposes. No jurisdiction we sell into recognizes an AI system as a legal person, and the EU AI Act (Articles 16 and 26) fixes responsibility on the provider and deployer. The authorization to test is grounded in the Customer’s written authorization, consistent with the US Computer Fraud and Abuse Act (18 U.S.C. § 1030) and Van Buren v. United States, 593 U.S. 374 (2021), and with applicable state, Canadian (Criminal Code, R.S.C. 1985, c. C-46, s. 342.1), and Latin American computer-crime statutes.
7.2 Prompt injection
Where a third-party prompt injection or model jailbreak causes our agent to exfiltrate Customer Data, we bear that loss as a carve-out from the liability cap, as set out in the Terms and MSA. This is an AI failure mode we own. It sits alongside the agent-reasoning-failure allocation above.
8. Data the AI receives and how it is handled
This Section summarizes; the Privacy Policy (/legal/privacy), DPA (/legal/dpa), and Subprocessor List (/legal/subprocessors) are authoritative.
- What the model receives: target and scan context, source-code excerpts (read-only), and the request and response artifacts needed to reason about and prove a finding.
- Controller and processor roles: For Customer Data observed during an engagement, including any personal data of your own users or employees that the agent incidentally encounters, you are the controller and we are the processor. Individuals whose data is observed during testing should direct privacy requests to the company that engaged us (the controller); we assist that company under the DPA.
- Retention: Customer Source Code is permanently destroyed within thirty (30) days of termination on request; non-editable backups are purged within sixty (60) days after initial destruction; signing and audit logs are retained for seven (7) years for evidentiary purposes (MSA § 5.5).
- Residency and self-hosting: Primary processing is in the United States. Compliance and Enterprise tiers can run the Services inside the Customer’s own VPC; in that mode, Customer Data does not leave the Customer’s perimeter, which materially reduces subprocessor exposure for that tenant.
- Subprocessor: The foundation-model provider is a disclosed subprocessor (see the Subprocessor List). All HackZero infrastructure is United States hosted: our enterprise foundation-model provider(s) process in the United States, as do our hosting (Fly.io, San Jose, California), object storage (Tigris), and email (Resend) providers, while Cloudflare operates as a global edge network. Cross-border transfer mechanisms are addressed in the DPA and Privacy Policy. For transfers from outside the United States we rely on definite mechanisms: for the United States and general use, the Standard Contractual Clauses or the equivalent approved clauses for the relevant country; for Brazil, the Brazilian Standard Contractual Clauses adopted by ANPD Resolution CD/ANPD No. 19/2024 (controlling in Portuguese); and the corresponding approved transfer clauses for Argentina, Colombia, Chile, and Peru, each aligned with the DPA and Privacy Policy.
- Self-hosted Enterprise inference: Self-hosted Enterprise deployments route large-language-model inference to a Customer-controlled endpoint inside the Customer’s own VPC. In that mode, the third-party foundation-model provider is not a subprocessor for that tenant, and the Subprocessor List reflects this for self-hosted Enterprise tenants.
9. Regulatory alignment
We monitor and align to the following. Statutory citations and effective dates are given so your risk team can verify. This Section is a statement of posture, not legal advice.
9.1 European Union: EU AI Act (Regulation (EU) 2024/1689)
- In force August 1, 2024. Prohibited-practice rules applied February 2, 2025; general-purpose AI rules applied August 2, 2025; high-risk rules apply August 2, 2026.
- Classification: AI penetration testing is not listed in Annex III, so it is not high-risk by default. We take the conservative position that the Services are limited-risk and subject to the transparency obligations in Article 50. We reassess case by case for customers in regulated sectors (for example, health or life insurance per Annex III(5)(d), or where the Services are a safety component of a product regulated under Article 6(2) and Annex I) where reclassification to high-risk could apply.
- Deployer posture: We use a third-party general-purpose model, so we are a downstream deployer; the principal general-purpose-AI obligations sit with the upstream provider. We document the model in the AI-BOM and maintain the technical documentation contemplated by Article 11 if the Services are ever reclassified.
- Conformity statement: An EU AI Act conformity statement (a short attestation that we have assessed classification) and our Article 50 transparency materials are available on request.
- The EU is not a launch market for HackZero today; this alignment is forward-looking and reflects the Act’s extraterritorial reach under Article 2(1)(c) where output is used in the Union.
- Adjacent note: We are not accredited for threat-led penetration testing (TLPT) under the EU Digital Operational Resilience Act (Regulation (EU) 2022/2554) or TIBER-EU. EU financial entities subject to DORA should treat this as a limitation.
9.2 United States: state AI disclosure laws
- Colorado Artificial Intelligence Act (SB 24-205): regulates high-risk AI used in “consequential decisions.” Penetration testing is not a consequential-decision use, so the Services are out of scope unless a customer wires findings into a covered decision. We monitor this law, whose effective date and enforcement status have shifted during 2026.
- Texas Responsible Artificial Intelligence Governance Act (TRAIGA): provides a safe harbor for alignment to the NIST AI Risk Management Framework, which we document.
- Utah Artificial Intelligence Policy Act (SB 149): effective May 1, 2024; disclosure-only. Where AI-generated output is consumed by a Utah-regulated professional (for example, in medicine, law, or accounting), the relevant output carries an AI-generation notice.
- California: the AI Transparency Act (SB 942, effective January 1, 2026) applies to covered generative-AI systems above one million monthly users, a threshold we do not meet; the generative-AI training-data transparency law (AB 2013) applies to providers that train models, and we are a deployer that does not train on Customer Data. We track both.
9.3 Canada
The Artificial Intelligence and Data Act (AIDA), formerly part of Bill C-27, did not become law; Bill C-27 died on the Order Paper when Parliament was prorogued in January 2025, and no successor has been enacted as of this Notice. We treat AIDA as not in force and monitor for reintroduction. Our Canadian baseline is PIPEDA accountability, the Criminal Code computer-crime provisions (s. 342.1), and, for cross-border processing of Quebec data, the transfer-assessment requirement under Quebec’s Law 25 (Act respecting the protection of personal information in the private sector, CQLR c. P-39.1, Article 17). We continue to monitor emerging Canadian AI legislation for any AIDA successor.
9.4 United States: truthful-AI-claims (FTC Act § 5)
We comply with the Federal Trade Commission Act, Section 5 (15 U.S.C. § 45), and the FTC’s “Operation AI Comply” posture (September 2024). We do not market the Services as guaranteeing detection, finding all vulnerabilities, or being complete or continuous beyond what is true. See Sections 5 and 10.
9.5 Automated decision-making and the right to human review (LATAM and Canada)
Several markets we sell into give individuals rights when a decision affecting them is based solely on automated processing, including a right to be informed of, and in some cases to object to, such decisions and to obtain review by a natural person. The principal hooks are:
- Quebec, Law 25 (Act respecting the protection of personal information in the private sector, CQLR c. P-39.1, Article 8.1): a company must, at or before a decision based exclusively on automated processing, inform the individual of that fact, and on request disclose the personal information used, the reasons and the principal factors leading to the decision, and the individual’s right to have the information corrected and to have the decision reviewed by a natural person.
- Mexico, LFPDPPP (2025): rights of opposition to automated decision-making and profiling that produce legal or significant effects on the individual.
- Chile, Ley 21.719 (applicable from December 1, 2026): right to object to decisions based solely on automated processing, including profiling.
- Peru, DS 016-2024-JUS (Personal Data Protection Law regulation): right to object to decisions based on automated processing, including profiling.
Our applicability position. The Services make decisions about target systems and assets (which paths to test, which exploitation skills to apply, how to score a finding), not solely-automated decisions that produce legal or similarly significant effects on a natural person. On that basis, we take the position that the automated-decision-making transparency and objection rights above (including Quebec Law 25 Article 8.1) are not triggered for end-individuals by the Services. Where a finding nonetheless concerns an identified or identifiable individual, the mandatory human-review step in Section 6.1 (all High and Critical findings) applies before the finding is relied upon, and the individual’s privacy requests are routed to the controller that engaged us, as set out in Section 8. We surface these hooks here so procurement and risk teams can see the analysis. Where a local data-protection officer or database registration is required (for example, in Peru), HackZero complies with that requirement.
10. How the no-training and accuracy disclaimers reconcile with our “find an exploit or it’s free” offer
Our marketing includes a “find an exploit or it’s free” promise. That promise and the accuracy disclaimers in Section 5 must be read together. We state the reconciliation here so there is no ambiguity.
- The promise is a billing commitment, not a security guarantee. If our agent finds no valid exploit in your in-scope assets during the engagement, you are not charged. That is a pricing term. It is not a representation that no vulnerability exists in your systems.
- “Valid exploit” is defined by the same evidence bar we use to control false positives. A finding counts toward the promise only if it meets the High-or-above reproduction-evidence standard in Section 5.2 (test steps, request and response artifacts, request identifier, timestamp, reasoning trace). A finding cannot both earn the fee and be an unverified hallucination.
- The promise is paired with a published false-positive control. Where we publish a false-positive target for High-and-above findings, missing it results in a service credit (Section 5.4). The promise (“we found something, so you pay”) and the false-positive control (“if our something is a false positive, you get credited”) are two halves of one quality commitment.
- The promise does not override the false-negative disclaimer. Wherever the promise appears, this adjacent statement applies:
“‘Free if we find nothing’ is a billing commitment. It is not a representation that your assets are free of vulnerabilities. AI testing is non-deterministic and supplements, but does not replace, human review and defense-in-depth.”
A reader must not be able to infer either (a) that “if we are not charged, our systems are secure” or (b) that “every finding we bill for is guaranteed accurate.” Both inferences are false and both are disclaimed. The wording of the promise and any accuracy targets are stated identically here, on the marketing page, and in the Terms, so that no version is treated as a stand-alone guarantee under FTC Act § 5 or the Latin American consumer codes.
11. Changes to this Notice
We may update this Notice. When we do, we will change the “Last updated” date above and, for material changes (including a change of foundation-model provider, per Section 3.4), give advance notice through the dashboard and, where you have provided a contact, by email. Prior versions are retained. This Notice is reviewed at least every twelve (12) months.
12. Contact for AI questions
For questions about how HackZero uses AI, to request the detailed or customer-specific AI-BOM, to request the EU AI Act conformity statement or Article 50 transparency materials, or to exercise the audit right in Section 4.5:
- AI questions: [email protected]
- Privacy: [email protected]
- Legal and notices: [email protected]
- Security: [email protected]
- General: [email protected]
Notice address: Agentic Security, Inc., a Delaware corporation, doing business as HackZero · 2810 N Church St STE 88242, Wilmington, Delaware 19802, United States. Privacy requests may be directed to our Privacy Officer, who can be reached at [email protected]. In Brazil, you may contact our Data Protection Officer (Encarregado), reachable at [email protected].
This document is a published transparency notice. It does not modify the Terms of Service, Privacy Policy, DPA, AUP, Rules of Engagement, or any Master Services Agreement, each of which controls over this Notice to the extent of any conflict. Spanish, Portuguese (Brazil), and French translations are required before this Notice is served to Quebec, Mexican, Brazilian, or other Spanish-language and Portuguese-language users, and are a downstream step. For Quebec specifically, the Charter of the French Language (as amended by Bill 96) requires that the French version be presented by default to Quebec users, with English available only on the user’s express request; this is a presentation rule, not merely a translation logistics step.