aisecurity.llc

AI Usage Policy

How we use AI tools, protect client data, and review AI-assisted outputs · Effective May 19, 2026

aisecurity.llc uses approved AI tools to support research, analysis, drafting, code review, security review workflows, and service operations. This policy explains where AI may assist, what data boundaries apply, what humans must review, and what uses are prohibited.

1. Scope of This Policy

This policy covers aisecurity.llc's internal use of AI models in the operation of our services, delivery of research, and provision of advisory services. It applies to all AI model usage by aisecurity.llc staff, contractors, and automated systems.

2. AI Tools We Use

Our primary AI model provider is Anthropic Claude. We may also use OpenAI for specific features, evaluation, or compatibility workflows. We review AI tools against security, privacy, retention, confidentiality, provider, and responsible-use criteria before adoption. Current subprocessors, including AI model providers, are listed on the subprocessors page.

3. How We Use AI

3.1 Research and Analysis

We use AI to assist with: literature review and synthesis of public security research; drafting and editing research reports, articles, and publications; pattern analysis across public data sources; and ideation and structuring of frameworks and methodologies. All AI-assisted research is reviewed, validated, and signed off by qualified human analysts before publication.

3.2 Service Features

Certain service features use AI assistance, including search and retrieval augmentation, content summarization, lab scenario generation, and assessment scoring support. These features are disclosed as AI-assisted where relevant within aisecurity.llc.

3.3 Internal Operations

We use AI tools internally for drafting, code review, documentation, and general productivity. Internal use is subject to the same data handling constraints as client-facing use.

4. Our Commitments

No training on customer data

We do not authorize AI model providers to use customer content submitted to aisecurity.llc — including consulting context, assessment materials, uploaded artifacts, or API inputs — to train their models under the applicable API or enterprise terms.

Human review for consequential outputs

AI-assisted content used in client deliverables, scorecards, evidence packs, security advisory reports, public claims, or published research is reviewed and approved by a qualified human before delivery or publication. We do not deliver consequential AI outputs as final work without human validation.

No autonomous high-stakes decisions

AI does not make autonomous determinations about security certifications, compliance status, employment or personnel decisions, legal conclusions, evidence labels, vulnerability status, or actions that materially affect a client’s security posture without human review and sign-off.

Transparent AI assistance

We disclose material AI assistance in research or deliverables where it affects interpretation, authorship, or confidence.

Data minimization before AI processing

We minimize, redact, pseudonymize, or generalize sensitive material before submitting content to approved AI providers where feasible.

Provider review and accountability

We review AI providers against security, privacy, retention, confidentiality, and responsible-use criteria before adoption.

5. Prohibited AI Uses

Within aisecurity.llc's operations, the following AI uses are prohibited:

  • Using AI to fabricate assessment evidence, citations, vulnerability findings, credentials, badges, or scorecard results.
  • Using AI to bypass client authorization, testing scope, safe-harbor terms, or rules of engagement.
  • Using AI to process confidential client data in unapproved tools.
  • Using AI to impersonate clients, researchers, sponsors, employees, or reviewers.
  • Using AI to make unsupervised external claims about a client’s security posture.

6. Client and Customer Data

6.1 What We Send to AI Providers

During consulting engagements, we may use AI assistance to help analyze architectures, draft recommendations, or process publicly accessible data. Before doing so we:

  • Assess whether AI assistance is appropriate for the sensitivity of the material
  • Remove or pseudonymize personal identifiers and confidential identifiers where possible
  • Obtain client acknowledgment for any processing of materials marked confidential

6.2 AI Providers Do Not Retain Your Content for Training

Under our agreements, Anthropic and OpenAI do not use API inputs to train their models. API data is not retained beyond what's needed for the immediate API call (consistent with their posted enterprise/API retention terms). We recommend reviewing Anthropic's Privacy Policy and OpenAI's Privacy Policy for their current commitments.

7. Output Limitations

AI-generated outputs provided through or as part of our services:

  • May contain errors, hallucinations, or outdated information
  • Are not legal advice, compliance certification, or a security warranty
  • Should be validated by qualified professionals before acting on them
  • Reflect the training data cutoff of the underlying model and may not account for the current threat landscape

8. Escalation and Concerns

To report concerns about how we use AI or to request clarification on AI usage in a specific context, contact hello@aisecurity.llc. For privacy-specific requests, contact privacy@aisecurity.llc. For security concerns, contact security@aisecurity.llc.

See also our Responsible AI Principles and Customer Data & Model Training pages.

9. Updates to This Policy

We will update this policy as our AI tool usage evolves. Significant changes will be noted with a revised effective date.

AI Usage Policy · aisecurity.llc · Effective May 19, 2026 · Version 1.0
