Code of conduct
Responsible AI rules for cybersecurity research
These rules are not optional. They are the floor, not the ceiling.
- Defensive-only use.
- No exploitation of third-party systems.
- No credential theft, password cracking, or session hijacking.
- No malware authoring, packing, or evasion assistance.
- No unauthorized scanning of networks, services, or accounts.
- Coordinated vulnerability disclosure with reasonable embargo windows.
- Human expert review of every finding before it leaves your team.
- Clear documentation of model use in your security artifacts.