Disclaimer
PhantomYerra is a professional security assessment platform. Use it only against systems you own or where you have explicit, written authorization to test. Unauthorized scanning, exploitation, or access is illegal in most jurisdictions and a violation of these terms.
1. Scope and intended use
PhantomYerra (“the Software”) is an AI-agentic security assessment platform intended for use by security professionals, penetration testers, red teams, and SDLC/DevSecOps teams to identify, confirm, and report security weaknesses in systems they are authorized to test.
The Software performs active probing, exploitation verification, and evidence capture. These activities can materially affect target systems: they may trigger alerts, consume resources, generate logs, or in rare cases disrupt service. You are solely responsible for the authorization, scope, timing, and impact of every test you run.
2. Authorization requirement
Before running any active scan with PhantomYerra, you represent and warrant that:
- You own the target systems, or you have obtained prior written authorization from the legal owner covering the specific scope, techniques, and timeframe of the engagement;
- You will not exceed the authorized scope (hosts, networks, accounts, subdomains, cloud resources, applications);
- You will comply with all applicable laws and regulations in your jurisdiction and the jurisdiction of the target (including but not limited to the US Computer Fraud and Abuse Act, UK Computer Misuse Act, EU NIS2, and equivalent regional statutes);
- You will immediately halt testing if authorization is withdrawn or scope is reduced.
3. No warranty
THE SOFTWARE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. PhantomYerra and its copyright holder disclaim all warranties, including but not limited to:
- Merchantability, fitness for a particular purpose, and non-infringement;
- That scan results are complete, accurate, or timely;
- That all vulnerabilities will be detected, or that reported vulnerabilities are necessarily present (false positives and false negatives are inherent to security testing);
- That the Software is free of defects, errors, or interruptions;
- That third-party data sources (CVE, EPSS, KEV, threat feeds, AI providers) are accurate, current, or available.
4. Scan impact and liability
PhantomYerra performs active techniques including authentication testing, injection probing, fuzzing, network scanning, and exploit validation. These can legitimately:
- Consume bandwidth, CPU, and memory on target and intermediary systems;
- Trigger WAF, IDS, IPS, EDR, and SIEM alerts;
- Cause temporary service degradation or, in rare cases, crashes;
- Create log entries and, where confirmed, proof-of-concept artifacts in target data;
- Generate support tickets with your cloud, hosting, or SaaS providers.
You assume all risk and responsibility for the impact of scans you initiate. PhantomYerra and its copyright holder are not liable for damages arising from authorized or unauthorized use of the Software, including but not limited to direct, indirect, incidental, consequential, special, exemplary, or punitive damages — even if advised of the possibility of such damages.
5. Findings, evidence, and AI-generated content
PhantomYerra uses evidence-gated findings, payload libraries, exploit validators, and AI-assisted reasoning (Anthropic Claude and/or local models in privacy-preserving configurations). While every effort is made to produce accurate and reproducible results:
- Findings may contain false positives that require manual validation before remediation or disclosure;
- AI-generated narratives, remediation code, and classifications are suggestions and should be reviewed by a qualified security professional before action;
- Exploit proofs-of-concept are intended for internal verification and responsible disclosure, never for unauthorized access;
- CVE data, exploit references, and threat intelligence are aggregated from public and commercial sources and may be incomplete or delayed.
You are responsible for validating findings before acting on them, publishing them externally, or including them in regulatory submissions.
6. Responsible disclosure
If PhantomYerra identifies a vulnerability in a third-party product, platform, or service during authorized testing, you are expected to follow responsible disclosure practices — notifying the affected vendor privately and allowing reasonable time for remediation before public disclosure. See our Responsible Disclosure policy for how to report issues in PhantomYerra itself.
7. Third-party tools and data
PhantomYerra integrates with third-party security tools, public vulnerability databases (NVD, CISA KEV, EPSS), public exploit reference sources (including ExploitDB), and AI providers (Anthropic and optional local inference). These are governed by their own licenses and terms of service, and PhantomYerra makes no warranty about the accuracy, availability, or continued operation of these external services.
8. Export controls and sanctions
Security software may be subject to export control laws in your jurisdiction (including US Export Administration Regulations). You agree to comply with all applicable export and re-export restrictions. The Software may not be used in or exported to countries, entities, or individuals subject to US or other applicable sanctions.
9. Governing documents
This Disclaimer is read alongside and does not supersede:
- Terms of Service — license grant, restrictions, and obligations;
- Privacy Policy — how we handle your data;
- Responsible Disclosure — how to report issues in PhantomYerra.
Your purchase agreement (if any) may contain additional or superseding terms.
10. Contact
Questions about this disclaimer: legal@phantomyerra.com
General inquiries: /contact
This Disclaimer is the governing statement for use of PhantomYerra but does not constitute legal advice for your specific jurisdiction or engagement. Consult qualified counsel for legal obligations applicable to your penetration-testing activities.