AI Usage Policy

1. Purpose and Scope

This AI Usage Policy ("AI Policy") governs the use of artificial intelligence capabilities within the Athena Agentic Platform, including the Aegis, Vigil, and Citadel services, and any AI-generated outputs produced by or through the Platform. This AI Policy is incorporated by reference into all Customer Agreements and the Terms of Service.

This AI Policy applies to all customers, users, and authorized personnel interacting with AI-powered features of the Platform.

2. Nature of AI-Powered Services

2.1 Intelligence and Decision-Support Only

The Athena Agentic Platform provides intelligence, analysis, recommendations, prioritisation, automation, orchestration, and decision-support capabilities only. The Platform does not and cannot replace qualified human judgment, professional expertise, or independent verification.

Specifically, the Platform does not provide, and must not be relied upon as providing:

• Legal advice or legal opinions
• Accounting, audit, or financial reporting advice
• Tax advice or tax compliance services
• Investment advice or financial planning services
• Procurement recommendations with binding effect
• Authoritative cybersecurity compliance determinations
• Engineering specifications or safety-critical system designs
• Medical, health, or clinical advice or diagnosis
• Regulatory compliance certifications or assurances

2.2 Accuracy and Verification

Athena Agentic is engineered for accuracy. Across analysis and results generation, the Platform applies proprietary algorithms, multi-agent cross-verification, evidence grounding in your own telemetry, continuous evaluation against known-good data, and human-on-the-loop supervision to validate findings before they are surfaced or acted upon. These methods are designed to deliver dependable, defensible results in production security operations.

Artificial intelligence also has inherent characteristics that every AI system, across the industry, must account for. Athena Agentic's verification methods are designed specifically to detect and reduce them:

• Factual grounding: generative models can produce plausible but unsupported statements; the Platform grounds outputs in your evidence and routes low-confidence results for review
• Completeness: a single model pass can omit relevant context; the Platform cross-checks across specialist agents and multiple data sources
• Classification accuracy: detections and risk scores are corroborated against multiple signals rather than a single inference
• Model drift: performance is monitored continuously as threat landscapes and underlying models evolve, with evaluation gates applied to changes
• Novel scenarios: outputs on underrepresented situations are routed to human review by design
• Context limitations: retrieval and tiered memory bring the relevant information to each decision rather than relying on a fixed context window

No AI system, including Athena Agentic, is infallible. AI-generated outputs are therefore provided as verified decision-support: material decisions remain subject to the human oversight described below, consistent with the supervised, on-the-loop model the Platform is built around.

3. Human Oversight Requirements

3.1 Mandatory Human Review

Customers and users must maintain appropriate human oversight over all material decisions, actions, and outcomes influenced by Platform AI outputs. Specifically:

(a) Incident response decisions involving significant business impact, regulatory reporting, law enforcement notification, or public disclosure must be reviewed and authorized by qualified human personnel before execution;

(b) Security control changes with material impact on organizational security posture require human authorization from personnel with appropriate authority and expertise;

(c) Asset isolation, blocking, or quarantine actions with significant operational impact require human authorization unless the customer has explicitly authorized automated execution for specific defined scenarios;

(d) Vulnerability remediation affecting production systems requires human review of the recommended remediation steps before implementation;

(e) Regulatory and compliance determinations must be reviewed by qualified legal, compliance, or security personnel before action.

3.2 Autonomous Execution Controls

Where the Platform is configured to execute actions autonomously (including automated detection, automated response, automated blocking, automated alerting, and automated remediation workflows), customers are responsible for:

(a) configuring appropriate scope and boundaries for autonomous execution;

(b) establishing escalation thresholds that require human authorization;

(c) maintaining audit logs of all autonomous actions;

(d) regularly reviewing autonomous action logs and performance;

(e) establishing procedures for disabling autonomous execution in emergency situations; and

(f) ensuring that autonomous execution policies comply with applicable regulatory requirements.

4. Third-Party AI Model Providers

4.1 Third-Party Model Dependency

The Platform may incorporate AI capabilities powered by third-party large language model (LLM) providers and AI model services. Athena Agentic does not control third-party AI model providers and makes no representations or warranties regarding:

• the accuracy, reliability, or performance of third-party AI models;
• the availability or uptime of third-party AI model services;
• changes to third-party model capabilities, parameters, or outputs resulting from model updates, retraining, deprecation, or provider policy changes;
• the processing of data submitted to third-party model providers, subject to the applicable data processing terms.

4.2 Model Changes and Degradation

Third-party AI model providers may modify, update, retrain, deprecate, or replace AI models at any time. Such changes may alter Platform outputs. Athena Agentic will use commercially reasonable efforts to monitor for material changes and communicate significant impacts to customers, but cannot guarantee continuity of model performance across provider changes.

4.3 Model Outages

Third-party AI model service outages may impact Platform AI functionality. Athena Agentic will use commercially reasonable efforts to provide fallback capabilities and incident communications during model outages, but does not guarantee uninterrupted AI functionality.

5. AI Governance Obligations

5.1 Customer AI Governance

Customers are responsible for implementing their own AI governance frameworks consistent with applicable regulations, industry standards, and internal policies, including:

• maintaining documentation of AI use cases and associated risks;
• conducting AI impact assessments where required by applicable law;
• ensuring compliance with sector-specific AI regulations (including, where applicable, the EU AI Act, NIST AI Risk Management Framework, and any applicable national AI regulation);
• maintaining audit trails and explainability documentation for AI-assisted decisions in regulated contexts; and
• ensuring that personnel using AI-assisted decision-making have appropriate training and competency.

5.2 Prohibited AI Uses

The following uses of the Platform's AI capabilities are prohibited:

(a) using AI outputs as the sole determinative basis for decisions with significant impact on individuals' rights, freedoms, safety, or livelihoods without appropriate human oversight;

(b) using AI capabilities in contexts where applicable law requires human decision-making or prohibits automated decision-making;

(c) deliberately manipulating the Platform to generate false, misleading, or harmful outputs;

(d) using AI capabilities to target or discriminate against protected classes in violation of applicable law;

(e) using AI outputs as substitutes for professional, legal, medical, financial, or other licensed advice in high-stakes contexts;

(f) using the Platform to generate or distribute disinformation, false threat intelligence, or fabricated security data.

6. Data Used for AI

6.1 Customer Data

We do not use Customer Data or Customer Content to train, fine-tune, or improve AI models without the express written consent of the customer.

6.2 Platform Data and Derived Insights

We may use Platform Data, Telemetry Data, Aggregated Data, and Anonymised Data to improve Platform capabilities, train internal models, develop new features, and enhance detection and response effectiveness. Such data is processed in accordance with our Privacy Policy and does not include Customer Data in identifiable form.

6.3 Prohibition on Competitive Extraction

Users must not use AI-generated outputs to train, fine-tune, or improve competing AI systems, competing security platforms, or competing agentic systems. This prohibition is a material term of the Customer Agreement and this AI Policy.

7. Disclaimer of AI Warranties

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ATHENA AGENTIC MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE ACCURACY, COMPLETENESS, RELIABILITY, TIMELINESS, OR FITNESS FOR A PARTICULAR PURPOSE OF ANY AI-GENERATED OUTPUT. AI CAPABILITIES ARE PROVIDED "AS IS" AND ON AN "AS AVAILABLE" BASIS.

ATHENA AGENTIC IS NOT LIABLE FOR ANY SECURITY INCIDENT, DATA BREACH, COMPLIANCE FAILURE, REGULATORY PENALTY, OR OTHER HARM ARISING FROM RELIANCE ON AI-GENERATED OUTPUTS WITHOUT APPROPRIATE HUMAN REVIEW AND VERIFICATION.

8. Changes to This AI Policy

We may update this AI Policy as AI capabilities, third-party models, and applicable regulations evolve. The "Last updated" date reflects the most recent revision. Material changes will be communicated to customers through the applicable notice mechanisms in the Customer Agreement.

9. Contact

For questions about this AI Usage Policy:

Email: Legal@athenaagentic.com Subject: AI Policy Inquiry

Source of truth: /docs/legal/AIUsagePolicy.md  ·  All legal documents