AI Discovery Product-Specific Terms
Last updated June 15, 2026
These AI Discovery Product-Specific Terms (these “AI Discovery Terms”) supplement the Master Terms and, together with the DPA and each Order Form, form part of the Agreement between HiddenLayer and Subscriber. These AI Discovery Terms apply to Subscriber’s access or use of AI Discovery. Capitalized terms used but not defined herein have the meanings given to them in the Master Terms.
- Discovery Product Description. “AI Discovery” is a module designed to provide visibility into Subscriber’s AI footprint by scanning cloud accounts, repositories, endpoints, and pipelines to detect AI models, agents, and associated assets in Subscriber’s enterprise environments, including assets deployed outside of formal governance processes. AI Discovery builds and maintains an inventory of Subscriber’s AI activity and associates discovered assets with ownership and risk metadata. Product descriptions are for informational purposes only, and features and functionality are subject to change in accordance with the Agreement. Subject to the foregoing and applicable Documentation, AI Discovery is designed to provide the following capabilities:
- Automated AI Asset Detection. Scanning of Subscriber’s designated cloud environments (which may include Amazon Web Services, Microsoft Azure, and Databricks) to detect AI models, agents, and associated assets, including assets deployed outside of Subscriber’s formal governance or approval processes (“shadow AI”).
- AI Asset Inventory. Creation and maintenance of a continuously updating inventory of Subscriber’s discovered AI assets, including model types, deployment locations, and interconnected dependencies.
- Ownership and Risk Classification. Automated association of discovered AI assets with owners and risk metadata labels (such as “critical,” “noncompliant,” or “compliant”).
- AI Discovery Subscriber Obligations.
- Access and Credentials. Subscriber shall promptly notify HiddenLayer of any changes to its infrastructure, access controls, or environment configurations that may affect AI Discovery’s ability to perform scans or otherwise function in accordance with the Documentation.
- Scope of Access. Subscriber acknowledges that the completeness and accuracy of the AI asset inventory and all other outputs generated by AI Discovery depend on the scope of access, permissions, and environmental visibility granted by Subscriber. HiddenLayer shall not be responsible for any failure to detect, classify, or accurately characterize AI assets to the extent resulting from: (i) Subscriber’s failure to provide adequate access or permissions; (ii) changes to Subscriber’s environments not communicated to HiddenLayer; or (iii) AI assets residing in environments or platforms not supported by AI Discovery.
- AI Discovery Subscriber Content. Subscriber represents and warrants that it has obtained all rights and authorizations necessary to permit HiddenLayer to access and scan Subscriber’s environments for which Subscriber has granted access, and that its provision of access credentials and permissions to HiddenLayer does not violate any Applicable Laws, contractual obligation, or third-party right.
- Limitations.
- No Professional Advice. Subscriber is solely responsible for any remediation, governance, compliance, or risk management actions it undertakes (or elects not to undertake) in reliance on the outputs of AI Discovery, including any compliance framework mappings. Outputs are provided for informational purposes only and do not constitute legal, regulatory, compliance, or other professional advice. HiddenLayer shall have no liability for Subscriber’s reliance on outputs, including as a substitute for independent compliance assessments or professional advice.
- No Guarantee of Detection. AI Discovery is designed to identify AI assets based on known signatures, patterns, and supported integrations. HiddenLayer does not guarantee that AI Discovery will detect all AI assets within Subscriber’s environments, or provide accurate, current, or complete classifications, risk assessments, or other information.
- Supported Environments. AI Discovery’s scanning and detection capabilities are limited to the platforms, cloud providers, and environment types identified as supported in the Documentation. HiddenLayer shall not be liable for any failure to detect AI assets deployed in unsupported environments or in environments to which Subscriber has not granted adequate access.
AI Supply Chain Security Product-Specific Terms
These AI Supply Chain Security Product-Specific Terms (these “AI Supply Chain Security Terms”) supplement the Master Terms and, together with the DPA and each Order Form, form part of the Agreement between HiddenLayer and Subscriber. These AI Supply Chain Security Terms apply to Subscriber’s access or use of AI Supply Chain Security. Capitalized terms used but not defined herein have the meanings given to them in the Master Terms.
- Product Description. “AI Supply Chain Security” is a module designed to assess risks and enforce governance controls on proprietary, vendor-supplied, open-source, and third-party AI models by scanning model architectures, files, and artifacts for potential security issues, generating model intelligence and licensing information in the form of an AI Bill of Materials (“AI BoM”), and tracking model versions, lineage, and provenance over time. Product descriptions are for informational purposes only, and features and functionality are subject to change in accordance with the Agreement. Subject to the foregoing and applicable Documentation, AI Supply Chain Security is designed to provide the following capabilities:
- Model File Inspection. Scanning of model architectures, layers, weights, and related artifacts to detect evidence of tampering, embedded malware, backdoors, or other security risks.
- Model Intelligence and AI Bill of Materials. Generation and maintenance of an AI BoM for each scanned model, including model intelligence to uncover key attributes such as model origin, country of origin, geographic footprint, licensing terms, and known dependencies, to support risk assessment and compliance.
- Vendor Model Compliance. Scanning third-party models for potential security risks before integration.
- Pre-Deployment Governance. Integration with Subscriber’s existing CI/CD pipelines and model registry platforms to automatically evaluate models against Subscriber-configured policies. Where applicable, blocking of compromised or non-compliant models from reaching production is enabled through Subscriber’s CI/CD pipeline integration.
- Framework Mapping. Mapping of identified vulnerabilities to select applicable frameworks and standards, such as those defined by MITRE ATLAS and OWASP, to support standardized risk assessment and reporting.
- Subscriber Obligations.
- AI Supply Chain Security Subscriber Content. Subscriber shall ensure it has the necessary rights, consents, and authorizations to submit all Subscriber Content (including model files, artifacts, model weights, architectures, metadata, configuration data, and any other data or content) that it submits to or makes accessible by AI Supply Chain Security. Subscriber represents and warrants that its submission of such Subscriber Content does not violate any third-party license or other rights or restrictions, and that Subscriber has obtained all rights, consents, and authorizations necessary to permit HiddenLayer to scan and analyze such Subscriber Content as contemplated by the Documentation and the Agreement.
- Integrations. To the extent AI Supply Chain Security integrates with Subscriber’s CI/CD pipelines or model registries, Subscriber shall be solely responsible for configuring and maintaining such integrations in accordance with the Documentation. HiddenLayer shall not be liable for any failures, interruptions, or delays resulting from Subscriber’s misconfiguration of such integrations.
- Third-Party Environments. To the extent AI Supply Chain Security is used to scan environments owned, operated, or controlled by a third party, Subscriber shall be solely responsible for obtaining all necessary permissions, consents, and other authorizations from such third party. Subscriber represents and warrants that it has obtained all such necessary permissions, consents, and other authorizations. HiddenLayer shall have no liability arising from Subscriber’s failure to obtain or maintain such consents, permissions, and other authorizations.
- Limitations.
- No Professional Advice. Subscriber is solely responsible for any remediation, governance, compliance, or risk management actions it undertakes (or elects not to undertake) in reliance on the outputs of AI Supply Chain Security, including any deployment or non-deployment decisions made in reliance on the outputs. Outputs, including scan results, risk scores, and AI BoM reports, are provided for informational purposes only and do not constitute legal, regulatory, compliance, or other professional advice. HiddenLayer shall have no liability for Subscriber’s reliance on outputs, including as a substitute for independent compliance assessments or professional advice.
- No Guarantee of Detection. HiddenLayer does not guarantee that AI Supply Chain Security will detect all instances of tampering, malware, backdoors, or licensing non-compliance within any given model file, or provide accurate, current, or complete classifications, risk assessments, or other information.
- Supported Environments. AI Supply Chain Security’s scanning and detection capabilities are limited to the platforms, cloud providers, and environment types identified as supported in the Documentation. HiddenLayer shall not be liable for any failure to detect AI assets deployed in unsupported environments or in environments to which Subscriber has not granted adequate access.
AI Attack Simulation Product-Specific Terms
These AI Attack Simulation Product-Specific Terms (these “AI Attack Simulation Terms”) supplement the Master Terms and, together with the DPA and each Order Form, form part of the Agreement between HiddenLayer and Subscriber. These AI Attack Simulation Terms apply to Subscriber’s access or use of AI Attack Simulation. Capitalized terms used but not defined herein have the meanings given to them in the Master Terms.
- Product Description. “AI Attack Simulation” is an automated red teaming module designed to simulate attacks against Subscriber’s AI systems to identify vulnerabilities before they can be exploited. AI Attack Simulation uses adversarial techniques to test and validate the effectiveness of Subscriber’s AI security controls. Product descriptions are for informational purposes only, and features and functionality are subject to change in accordance with the Agreement. Subject to the foregoing and applicable Documentation, AI Attack Simulation is designed to provide the following capabilities:
- Prompt Attack Simulation. Automated testing of AI systems for susceptibility to jailbreaks, prompt injections, role confusion, and harmful response patterns.
- Model Exfiltration and Data Leakage Testing. Probing of AI systems to assess whether they can be induced to reveal personally identifiable information, protected health information, proprietary training data, or other sensitive information through adversarial inputs.
- Agent Misuse. Probing for misuse of AI tools by a target agent by attempting to manipulate the agent into using tools available to such agent in an unauthorized manner. For clarity, AI Attack Simulation performs the evaluation based on text responses, and does not intercept or observe actual backend tool execution. As such, it cannot confirm whether a prohibited action was in fact executed.
- System Prompt Hardening. Identification of weaknesses in system prompts that may cause leakage, override, or unintended behavior.
- Security Policy Assurance. Validation of AI system behavior against Subscriber-configured security policies.
- Continuous Security Testing. Event-triggered testing to account for changes in models, agents, and adversarial techniques over time. Programmatic triggering of red team evaluations requires integration of the AI Attack Simulation SDK into Subscriber’s CI/CD pipeline.
- Reports and Recommendations. Generation of reports with actionable findings and recommended guardrail configurations for each identified vulnerability.
- AI Attack Simulation Subscriber Obligations.
- Testing Authorization. Subscriber hereby authorizes HiddenLayer to conduct automated adversarial simulations against the AI systems, models, and agents designated by Subscriber through AI Attack Simulation’s configuration interface (collectively, the “Target Systems”).
- Third-Party Systems. If any designated Target System is owned, operated, or controlled by a third party, Subscriber shall be solely responsible for obtaining all necessary consents, permissions, and other authorizations from such third party prior to designating such Target System. Subscriber represents and warrants that it has the authority to authorize testing against each Target System and has obtained all such necessary consents, permissions, and other authorizations. HiddenLayer shall have no liability arising from Subscriber’s failure to obtain or maintain such consents, permissions, and other authorizations.
- Legal Compliance. Subscriber shall ensure that testing conducted through AI Attack Simulation complies with all Applicable Laws and any applicable terms of service, license agreements, or acceptable use policies governing the Target Systems.
- AI Attack Simulation Subscriber Content. Subscriber represents and warrants that it has obtained all rights and authorizations necessary to permit HiddenLayer to process any system prompts, model configurations, API endpoints, security policies, test parameters, and any data or content that Subscriber provides to or makes accessible through AI Attack Simulation.
- Limitations.
- No Professional Advice. Subscriber is solely responsible for any remediation actions it undertakes (or elects not to undertake) in response to vulnerabilities identified by AI Attack Simulation. Outputs, including vulnerability reports, simulation logs, and guardrail recommendations, are provided for informational purposes only and do not constitute legal, regulatory, compliance, or other professional advice. HiddenLayer shall have no liability for Subscriber’s reliance on outputs, including as a substitute for independent security assessments or professional advice.
- No Guarantee of Detection. HiddenLayer does not guarantee that AI Attack Simulation will identify all vulnerabilities within Target Systems, or provide accurate, current, or complete classifications, risk assessments, or other information.
- Scope of Access. AI Attack Simulation’s effectiveness depends on the scope of access granted by Subscriber and the configuration of Target Systems. HiddenLayer shall not be responsible for any failure to identify vulnerabilities to the extent resulting from Subscriber’s failure to provide adequate access or accurate configuration information.
- Harmful Content. Subscriber acknowledges and agrees that, by its nature, AI Attack Simulation generates and processes adversarial, provocative, and potentially offensive content as part of its security testing functionality. HiddenLayer shall have no liability for the nature or content of adversarial inputs generated by AI Attack Simulation.
AI Runtime Security Product-Specific Terms
These AI Runtime Security Product-Specific Terms (these “AI Runtime Security Terms”) supplement the Master Terms and, together with the DPA and each Order Form, form part of the Agreement between HiddenLayer and Subscriber. These AI Runtime Security Terms apply to Subscriber’s access or use of AI Runtime Security. Capitalized terms used but not defined herein have the meanings given to them in the Master Terms.
- Product Description. “AI Runtime Security” is a module designed to detect and respond to adversarial attacks on Subscriber’s AI systems in production. AI Runtime Security provides continuous runtime monitoring, threat detection, AI guardrails, and automated response capabilities for AI applications, agents, and agentic workflows, including protection against prompt injection, jailbreaks, unsafe outputs, data leakage, and malicious tool use. Product descriptions are for informational purposes only, and features and functionality are subject to change in accordance with the Agreement. Subject to the foregoing and applicable Documentation, AI Runtime Security is designed to provide the following capabilities:
- Behavioral Analytics and Threat Detection. Continuous monitoring of Subscriber’s protected AI systems (including inputs, outputs, intermediate execution steps, tool and function invocations, multi-step execution chains, data movement across workflows, and session-level behavioral patterns) to detect risks, adversarial attacks, and anomalous interactions aligned with applicable taxonomies.
- AI Guardrails and Firewall. Enforcement of Subscriber-configured guardrails and security policies to block malicious prompts, prevent prompt injection, and control unsafe or unauthorized outputs.
- Sensitive Data Leakage Detection. Monitoring for and prevention of sensitive data exposure through Subscriber’s AI systems, including detection and redaction of sensitive data within model inputs and outputs, and agent execution flows including tool calls and results.
- Agentic Security. Inspection and control of autonomous agent actions to prevent misuse and exploitation. This includes: (a) Agentic Runtime Visibility: Reconstruction of complete agent execution sessions, including prompts, tool calls, outputs, and data movement across systems and workflows, to provide security teams with full operational context; (b) Agentic Investigation and Threat Hunting: Search, filtering, and correlation across agent sessions, tool usage, and execution paths to identify anomalous behavior and uncover threats, including through natural language query and structured expression-based search; and (c) Agentic Detection and Enforcement: Detection of agentic-specific threats (including prompt injection, goal hijacking, tool misuse and chaining, memory and context poisoning, unauthorized code execution, and cascading multi-step failures) with enforcement actions applied inline during execution, including detect (alert), redact (remove sensitive data), and block (stop unsafe execution).
- Automated Response and Integration. HiddenLayer provides APIs and webhooks to enable integration with Subscriber’s existing security infrastructure, including security information and event management (“SIEM”) and security orchestration, automation, and response (“SOAR”) workflows, AI gateways, and agent frameworks. These integrations enable automated blocking, redaction, throttling, or redirection of identified malicious activity. Where enforcement is carried out through a third-party gateway or framework, HiddenLayer provides the policy decision and the third-party system executes the enforcement action.
- AI Runtime Security Subscriber Obligations.
- Policy Configuration. Subscriber shall be responsible for configuring and maintaining security policies and guardrails enforced by AI Runtime Security, including blocking rules, redaction rules, response thresholds, and automated response actions. HiddenLayer shall not be liable for any action taken or not taken by AI Runtime Security as a result of Subscriber’s policy configuration.
- Integrations. Subscriber is responsible for integrating AI Runtime Security into its environment using HiddenLayer’s available APIs and webhooks, including any connections to Subscriber’s security infrastructure, AI gateways, agent frameworks, or other third-party systems. HiddenLayer shall not be liable for any failures, interruptions, or delays resulting from Subscriber’s misconfiguration of integrations or from failures in Subscriber’s or a third party’s systems, including third-party systems used as enforcement points.
- Sensitive Data and Compliance. Subscriber acknowledges that AI Runtime Security inspects data processed through Subscriber’s protected AI systems, including inputs, outputs, intermediate execution steps, tool calls and results, agent actions, session metadata, and multimodal content, which may contain sensitive information. Subscriber is solely responsible for ensuring that its use of AI Runtime Security, and the data processed thereby, complies with all Applicable Laws, including applicable data protection and privacy laws. Processing of Personal Information shall be governed by the DPA.
- AI Runtime Security Subscriber Content. Subscriber represents and warrants that it has obtained all rights, consents, and authorizations necessary to permit HiddenLayer to inspect and process security policy configurations, SIEM/SOAR integration parameters, and any other data or content that Subscriber provides to or makes accessible through AI Runtime Security.
- Prompt Allocation. Subscriber may submit up to sixteen (16) million prompts per year, per application, during each Subscription Term for monitoring and protection under AI Runtime Security. Additional prompt capacity for monitoring and protection may be made available by HiddenLayer in its sole discretion, subject to the then-current pricing and any additional terms HiddenLayer may specify.
- AI Runtime Security Limitations.
- No Professional Advice. Subscriber is solely responsible for any remediation, investigation, or incident response actions it undertakes (or elects not to undertake) in reliance on alerts, reports, or other outputs of AI Runtime Security. Outputs are provided for informational purposes only and do not constitute legal, regulatory, compliance, or other professional advice. HiddenLayer shall have no liability for Subscriber’s reliance on outputs, including as a substitute for independent security assessments or professional advice.
- No Guarantee of Detection. HiddenLayer does not guarantee that AI Runtime Security will detect or prevent all adversarial attacks, policy violations, or security incidents, or provide accurate, current, or complete classifications, risk assessments, or other information. AI Runtime Security is intended to supplement, and not replace, Subscriber’s broader information security program.
- Integrated Systems Only. AI Runtime Security’s detection and response capabilities are limited to the AI systems, agents, and workflows that Subscriber has integrated with AI Runtime Security in accordance with the Documentation.
- System Disruption. AI Runtime Security’s automated response actions, including inline enforcement actions executed by third-party gateways or agent frameworks based on HiddenLayer policy decisions, may, in certain circumstances, affect the availability or performance of Subscriber’s AI systems. HiddenLayer shall not be liable for any disruption or other issues resulting from (i) automated response actions taken by AI Runtime Security in accordance with Subscriber-configured policies, or (ii) enforcement actions executed by third-party gateways or frameworks acting on policy decisions provided by AI Runtime Security.
