
The First Filipino Defensive Red‑Team AI. Most red‑team models are leaky knives: they give you the exploit and walk away. ANINOGPT-PILIPINAS-ATAKE is a closed‑loop defender.

tools
ollama run chrisdiochavez/ANINOGPT-PILIPINAS-ATAKE:latestv3

Applications

Claude Code: ollama launch claude --model chrisdiochavez/ANINOGPT-PILIPINAS-ATAKE:latestv3
Codex App: ollama launch codex-app --model chrisdiochavez/ANINOGPT-PILIPINAS-ATAKE:latestv3
OpenClaw: ollama launch openclaw --model chrisdiochavez/ANINOGPT-PILIPINAS-ATAKE:latestv3
Hermes Agent: ollama launch hermes --model chrisdiochavez/ANINOGPT-PILIPINAS-ATAKE:latestv3
Codex: ollama launch codex --model chrisdiochavez/ANINOGPT-PILIPINAS-ATAKE:latestv3
OpenCode: ollama launch opencode --model chrisdiochavez/ANINOGPT-PILIPINAS-ATAKE:latestv3

Readme

Responsible Use, Safeguards, and Legal Disclaimer

Responsible Use Guidelines

This model is intended only for lawful, authorized, and defensive security purposes, including:

- Internal and external penetration testing with written authorization
- Red-team exercises within an approved scope
- CTFs, lab environments, and intentionally vulnerable systems
- Bug bounty testing within published program rules
- Vulnerability research for remediation and patch validation
- Malware analysis in isolated sandboxes
- Security education, detection engineering, and defensive control testing

Users must ensure that every interaction with this model is conducted in a legal environment and within an explicitly authorized scope. The model must not be used to attack, disrupt, compromise, surveil, or extract data from systems, networks, accounts, or individuals without permission.

The model is designed to support risk management, verification, validation, and operational safeguards consistent with recognized AI risk-management practices such as NIST’s AI Risk Management Framework, which focuses on managing risks to individuals, organizations, and society.

Prohibited Uses

Do not use this model for:

- Unauthorized exploitation of real-world systems
- Credential theft, phishing, social engineering, or account takeover
- Malware, ransomware, botnet, stealer, RAT, or wiper development
- Persistence, stealth, evasion, or command-and-control operations for abuse
- Data exfiltration from third-party systems
- Fraud, financial abuse, SIM/SMS abuse, or identity misuse
- Bypassing authentication or access controls on systems you do not own or control
- Harassment, doxxing, surveillance, or privacy-invasive activity
- Any activity that violates law, contract, platform rules, bug bounty scope, or acceptable-use policies

If a request lacks clear authorization, ownership, or testing scope, the model should require clarification before providing actionable security steps.

Built-In Safety Safeguards

This project should implement and maintain the following safeguards:

  1. Authorization Gate

Before providing offensive-security instructions, the model should confirm or assume only one of the following safe contexts:

- Owned lab
- Internal and external pentest
- CTF
- Bug bounty within scope
- Defensive validation
- Sandbox malware analysis
- Security training environment

If scope is unclear, the model should ask for scope rather than provide exploit steps.

  2. Lab-Safe Output Bias

The model should prefer:

- Localhost examples
- Intentionally vulnerable applications
- Toy payloads
- Pseudocode where appropriate
- Detection and remediation guidance
- Report-ready findings
- Defensive validation steps

  3. Refusal and Redirection

When a request could enable harm, the model should:

- Briefly refuse.
- Explain that the request could facilitate unauthorized or harmful activity.
- Redirect to safe alternatives such as lab testing, detection logic, remediation, hardening, or responsible disclosure.

  4. Defensive Pairing Requirement

Any offensive-security explanation should include at least one defensive element, such as:

- How to detect the behavior
- How to mitigate the vulnerability
- How to validate the fix
- How to document the risk
- How to map the issue to MITRE ATT&CK or OWASP categories

  5. Output Verification

Users must independently verify all model output before use. LLM-generated content can be incomplete, outdated, inaccurate, or unsafe if applied without review. This is especially important for security tooling, exploit reproduction, legal interpretation, vulnerability claims, and production changes.

  6. LLM Application Security Controls

Deployers should protect this model and any surrounding application against LLM-specific risks, including prompt injection, insecure output handling, training-data poisoning, denial of service, supply-chain compromise, sensitive-information disclosure, excessive agency, and model theft. These risks are highlighted in the OWASP Top 10 for Large Language Model Applications.

Recommended controls include:

- Input and output filtering
- Rate limits and token-budget controls
- Logging and audit trails
- Secrets redaction
- Human approval for high-impact actions
- Tool-use restrictions
- No autonomous execution against live targets
- Model and dataset provenance checks
- Dependency scanning
- Regular safety testing and regression tests

Human Oversight Requirement

This model must not be treated as an autonomous security operator. A qualified human must review and approve any output before it is used in a real environment.

Do not connect the model directly to scanners, exploit frameworks, cloud accounts, production systems, or external tools without strict access controls, logging, and human authorization.
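A deployer-side sketch of the controls named above (secrets redaction, tool-use restrictions, human approval, audit trail), added here as an example and not part of this project's own code. The tool names, the lab ranges in `SCOPE`, and the `approver` callback are assumptions for illustration.

```python
import ipaddress
import re

# Constructed patterns for values the notice says never to submit (not exhaustive).
PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)
KEY_VALUE = re.compile(r"(?i)\b(password|passwd|token|api[_-]?key|secret|cookie|session)\b(\s*[=:]\s*)\S+")

# Hypothetical deployment policy: tool names and lab ranges are assumptions.
ALLOWED_TOOLS = {"port_scan", "http_probe"}
SCOPE = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("10.20.0.0/24")]


def redact(text):
    """Mask secret-looking values before text reaches the model or the audit log."""
    text = PRIVATE_KEY.sub("[REDACTED PRIVATE KEY]", text)
    return KEY_VALUE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)


def gate_tool_call(call, approver, audit_log):
    """Return True only if a model-proposed tool call is allowlisted, in scope and approved."""
    reason = None
    if call.get("tool") not in ALLOWED_TOOLS:
        reason = "tool not on allowlist"
    else:
        try:
            target = ipaddress.ip_address(call.get("target", ""))
        except ValueError:
            # Hostnames are rejected: DNS could resolve them outside the scope later.
            reason = "target is not a literal IP address"
        else:
            if not any(target in net for net in SCOPE):
                reason = "target outside authorized scope"
    # The human is asked only after the automatic checks pass.
    if reason is None and not approver(call):
        reason = "human approver declined"
    audit_log.append({
        "decision": "deny" if reason else "allow",
        "reason": reason or "allowlisted, in scope, approved",
        "call": redact(str(call)),
    })
    return reason is None
```

Every decision, including denials, lands in the audit log with secrets already masked, so the log itself does not become a disclosure path.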

Data and Privacy Notice

Do not submit sensitive, confidential, regulated, or third-party data to the model unless you have authorization and appropriate data-protection controls.

Avoid entering:

- Passwords, tokens, API keys, private keys, cookies, or session values
- Personal data without a lawful basis
- Client confidential information without approval
- Proprietary source code unless permitted
- Live incident data unless handled under an approved security process

Legal Disclaimer

This software and model configuration are provided for educational, research, defensive-security, and authorized testing purposes only. The maintainers do not authorize, encourage, or condone illegal activity, unauthorized access, credential theft, malware deployment, data exfiltration, fraud, privacy violations, or disruption of third-party systems.

Users are solely responsible for ensuring that their use of this model complies with all applicable laws, regulations, contracts, platform rules, bug bounty scopes, and organizational policies. Use of this model does not create authorization to test or access any system.

The output of this model may be inaccurate, incomplete, unsafe, or unsuitable for a particular environment. Users must independently validate all outputs and obtain appropriate professional, legal, or security review before acting on them.

The maintainers disclaim liability for misuse, damages, losses, claims, penalties, or consequences arising from the use or inability to use this project, to the maximum extent permitted by applicable law.

No Legal Advice Disclaimer

This project does not provide legal advice. Any references to law, regulation, compliance, authorization, or liability are provided for general informational purposes only. Consult a qualified legal professional for advice specific to your jurisdiction, organization, and use case.

No Warranty Disclaimer

This project is provided “as is” and “as available,” without warranties of any kind, express or implied, including but not limited to warranties of accuracy, reliability, merchantability, fitness for a particular purpose, non-infringement, security, or uninterrupted operation.

Security Research Disclaimer

Security testing must only be performed on systems for which you have explicit permission. Before conducting testing, define the scope, rules of engagement, target assets, prohibited techniques, reporting process, and authorization owner. If authorization is unclear, do not proceed.

Model Limitation Disclaimer

This model is a language model configuration and does not guarantee correctness, safety, legality, exploitability, or completeness. It may generate incorrect commands, outdated references, false assumptions, or insecure recommendations. All technical output must be reviewed and tested in a controlled environment before us

Responsible Use: Authorized security research and defensive testing only. No unauthorized access. No malware. No credential theft. No real-world exploitation without permission.