
// security & responsible use

Uncensored on content.
Hardened on runtime.

The agent does the offensive-security work without lecturing you about it. The runtime around the agent is structured to prevent the most common ways AI agents waste your day or damage your project. Two different problems; two different layers.

// runtime guards

Six layered guards.

Verification gate

Before the agent can declare a step complete, the runtime runs the project's build, tests, or syntax check on each changed file. No "successfully created" theater.

Read-before-overwrite

Every file write is preceded by a read of the file's current state. The agent cannot blow away changes it has not seen.

Loop guard

The agent cannot retry the same broken artifact more than twice in a session. Forces it to change approach instead of looping on the failed path.

Failed-path blacklist

Approaches that have already failed in the session are recorded and excluded from subsequent attempts. Cuts the worst class of multi-step regression.

Workspace isolation

Each conversation gets its own ephemeral filesystem. Prompt content from one engagement cannot leak into another via cached state.

No-blind-rm

The agent cannot delete a top-level file or directory in the workspace root without explicit confirmation. Prevents one class of catastrophic AI-agent failure.
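As an added example (not the product's code, and making no claim about how its runtime is actually built), the following Python sketch models four of the guards above as they would sit around an agent's file operations: read-before-overwrite keyed on a content hash, a loop guard that caps identical artifacts at two attempts, a failed-path blacklist keyed on the approach name, a verification gate, and no-blind-rm on top-level entries. The `SessionGuards` class, the in-memory `workspace` dict standing in for the per-conversation ephemeral filesystem, and the `syntax_check` stand-in for the project's build or test step are all assumptions introduced here.

```python
"""Hypothetical model of layered runtime guards around an AI agent's file
operations. Added illustration, not the product's implementation."""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

MAX_RETRIES = 2  # loop guard: the same broken artifact may be tried at most twice


class GuardViolation(Exception):
    """Raised when a runtime guard blocks an agent action."""


def _fp(content: Optional[str]) -> str:
    """Content fingerprint; empty string means 'file absent'."""
    return hashlib.sha256(content.encode()).hexdigest() if content is not None else ""


@dataclass
class SessionGuards:
    workspace: Dict[str, str] = field(default_factory=dict)        # constructed in-memory FS
    seen: Dict[str, str] = field(default_factory=dict)             # path -> fingerprint last read
    attempts: Dict[Tuple[str, str], int] = field(default_factory=dict)  # (path, fp) -> tries
    failed: Set[str] = field(default_factory=set)                  # approaches that failed
    log: list = field(default_factory=list)                        # audit trail of decisions

    def read(self, path: str) -> Optional[str]:
        content = self.workspace.get(path)
        self.seen[path] = _fp(content)  # record the state the agent actually saw
        self.log.append(f"read {path}")
        return content

    def write(self, path: str, content: str) -> None:
        """Read-before-overwrite: the file must have been read in its current state."""
        if self.seen.get(path) != _fp(self.workspace.get(path)):
            self.log.append(f"BLOCK write {path}: not read in current state")
            raise GuardViolation(f"read {path} before overwriting it")
        self.workspace[path] = content
        self.seen[path] = _fp(content)
        self.log.append(f"write {path}")

    def attempt(self, path: str, content: str, approach: str,
                verify: Callable[[str], bool]) -> bool:
        """One agent step: blacklist check, loop guard, write, verification gate."""
        if approach in self.failed:
            self.log.append(f"BLOCK {approach}: already failed this session")
            raise GuardViolation(f"approach '{approach}' already failed; change approach")
        key = (path, _fp(content))
        n = self.attempts.get(key, 0) + 1
        if n > MAX_RETRIES:
            self.log.append(f"BLOCK {path}: identical artifact retried {n} times")
            raise GuardViolation(f"identical artifact for {path} exceeds {MAX_RETRIES} tries")
        self.attempts[key] = n
        self.write(path, content)
        ok = verify(content)  # verification gate: no 'done' without a passing check
        if not ok:
            self.failed.add(approach)  # failed-path blacklist
        self.log.append(f"{'VERIFIED' if ok else 'FAIL'} {path} via {approach} (try {n})")
        return ok

    def delete(self, path: str, confirmed: bool = False) -> None:
        """No-blind-rm: top-level entries require explicit confirmation."""
        if "/" not in path.strip("/") and not confirmed:
            self.log.append(f"BLOCK delete {path}: top-level without confirmation")
            raise GuardViolation(f"deleting top-level {path} requires confirmation")
        self.workspace.pop(path, None)
        self.seen.pop(path, None)
        self.log.append(f"delete {path}")


def syntax_check(source: str) -> bool:
    """Stand-in for the project's build/test step: a Python syntax check."""
    try:
        compile(source, "<changed-file>", "exec")
        return True
    except SyntaxError:
        return False


def _blocked(fn) -> str:
    try:
        fn()
        return "allowed"
    except GuardViolation:
        return "blocked"


def demo() -> dict:
    """Walk an agent session through each guard; returns the outcomes."""
    g = SessionGuards(workspace={"app.py": "def handler():\n    return 1\n", "README": "x"})
    r = {}
    r["blind_write"] = _blocked(lambda: g.write("app.py", "print('hi')\n"))
    g.read("app.py")
    broken = "def handler(:\n    return 1\n"  # constructed syntax error
    r["broken_verified"] = g.attempt("app.py", broken, "inline-fix", syntax_check)
    r["reuse_failed_approach"] = _blocked(lambda: g.attempt("app.py", broken, "inline-fix", syntax_check))
    g.attempt("app.py", broken, "retry-a", syntax_check)  # second try of the same artifact
    r["third_identical_retry"] = _blocked(lambda: g.attempt("app.py", broken, "retry-b", syntax_check))
    r["fixed_verified"] = g.attempt("app.py", "def handler():\n    return 2\n", "rewrite", syntax_check)
    r["blind_rm"] = _blocked(lambda: g.delete("README"))
    g.delete("README", confirmed=True)
    r["readme_present"] = "README" in g.workspace
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two design points worth noting: the loop guard keys on the content hash rather than the approach label, so renaming a retry does not reset the counter, and `write` compares against the fingerprint of the file as it is now, so a file that changed since the agent last read it is treated as unread.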

// framework alignment

What we map to.
Plainly stated.

We're not selling certifications we don't have. Where we map to a published framework, we say so. Where we don't, we explain why.

NIST AI Risk Management Framework (AI RMF)

We map to the four AI RMF functions (Govern, Map, Measure, Manage) at the runtime layer — verification gate covers Measure; loop guards + failed-path blacklist cover Manage; per-engagement workspace isolation + audit log cover Govern. Map function is per-engagement and lives with the customer's threat model.

ISO/IEC 23894 — AI risk management

ISO 23894 is the AI-specific overlay on ISO 31000. We treat the agent as a controlled risk source and document the mitigations (runtime guards, opt-in destructive actions, audit log). Full mapping document available to Enterprise customers on request.

SOC 2 Type 2

SOC 2 Type 2 audit is in progress with a Big-Four firm. Report will be available to Enterprise-tier customers under NDA when issued. We will not claim "SOC 2 compliant" until the report exists.
GDPR / UK GDPR / CCPA

Covered by our DPA. Standard Contractual Clauses (Module 2) executed on request for EEA / UK / Switzerland transfers. Sub-processor list is two items long; we publish 30 days' notice before adding any sub-processor that handles prompt content.

// boundaries

What we won't enable.

"Uncensored" doesn't mean "no boundaries." It means no content-policy refusal on legitimate professional offensive-security work. The boundaries below are categorical, not negotiable.

  • Material targeting child sexual abuse. Categorically refused. No prompt-engineering route around it.
  • Weapons of mass destruction. Chemical, biological, radiological, nuclear synthesis or weaponization assistance. Not the agent's job.
  • Critical infrastructure outside an authorized red-team engagement. Power grid, water, financial settlement, healthcare-critical systems — only inside a documented authorized engagement scope.
  • Re-selling our inference as your own API. Sustained automated abuse of the inference layer. We'll close accounts and refund the unused portion.
  • Sharing account credentials outside your organization. One account = one human or one organization. Per-seat workspace isolation on Enterprise.

Everything else — exploit dev, payload generation, RE workflows, evasion research, custom tradecraft, scrapers at scale, malware analysis, CTF solving, bug bounty work — the agent ships.