Skip to content
Cyber Army LogoCyber Army™

Terms of Service

Last updated: 2026-06-10

These Terms of Service ("Terms") govern your access to and use of the products and services of Cyber Army ("Cyber Army", "we", "us"), including CyberArmy AutoFix, Cyber Swarm, the free AI pentest report, and this website (together, the "Services"). By accessing or using the Services, you agree to these Terms. If you use the Services on behalf of a company, you represent that you have authority to bind that company, and "you" refers to that company.

1. Our services

CyberArmy AutoFix

An agentic security remediation platform that connects to your infrastructure via API integrations, detects vulnerabilities, generates fixes, validates them in an isolated environment, and deploys with your explicit approval. AutoFix operates only on assets and environments you have authorized and configured.

Cyber Swarm

An AI penetration testing service that tests the external attack surface of domains you have verified and authorized. Cyber Swarm performs live, active exploitation: it sends real attack payloads, attempts real logins with default credentials, and exercises real vulnerabilities the way an actual attacker would, in order to produce findings backed by evidence rather than theoretical scores.

2. Authorization for security testing

You must have full legal authority and authorization for every asset you submit for testing. By starting a Cyber Swarm pentest or submitting a domain for a free AI pentest report, you represent and warrant that:

  • You own the submitted domains, IP addresses, and systems, or you have obtained explicit written authorization from their owner to have them security tested.
  • You have obtained any consents required from third parties whose services host or serve the assets in scope, such as hosting providers, cloud platforms, and CDN providers, where their policies require it.
  • You have the organizational authority to approve security testing, including authority over maintenance windows, change control, and incident response for the assets in scope.

Our DNS TXT verification step is a safeguard, not a substitute for your authorization obligations. Unauthorized security testing of systems may violate laws such as the U.S. Computer Fraud and Abuse Act and equivalent laws in other jurisdictions. You are solely responsible for ensuring testing is authorized, and you bear all consequences of submitting assets you were not authorized to test.

3. Live exploitation and assumption of risk

Penetration testing is intrusive by nature. Although Cyber Swarm uses conservative, rate-capped techniques designed to find vulnerabilities rather than cause harm, live exploitation carries inherent risk, including the possibility of service degradation, system instability, application errors, data modification, or outages on the tested assets.

By starting a test, you acknowledge and accept these risks. You agree that:

  • You will maintain current backups and tested recovery procedures for all assets in scope before testing begins.
  • You will notify your internal teams and any affected stakeholders that authorized testing is taking place.
  • To the fullest extent permitted by law, Cyber Army is not responsible or liable for any downtime, outage, service interruption, degraded performance, data loss, data corruption, or business interruption arising from or related to authorized security testing, whether on your systems or on third-party systems serving your assets.

4. Your responsibilities

  • Authorization: as described in Section 2. You may not submit third-party assets without their explicit written consent.
  • Accuracy: you are responsible for providing accurate scope information and maintaining control over the assets you connect or submit.
  • Backups: you are responsible for maintaining backups and recovery capability for all systems exposed to testing or remediation.
  • Account security: you are responsible for maintaining the confidentiality of your account credentials and for all activity under your account.
  • Compliance: you are responsible for ensuring your use of the Services complies with applicable laws and regulations in your jurisdiction.

5. Acceptable use

You agree not to:

  • Use the Services to scan, test, or attack systems you do not own or have explicit written authorization to test.
  • Attempt to circumvent, disable, or interfere with security features of our platform.
  • Use the Services to violate privacy, intellectual property rights, or applicable regulations.
  • Resell, sublicense, or provide access to the Services to third parties without our written consent.
  • Use the Services for any unlawful, harmful, or abusive purpose.

6. AutoFix operational safeguards

  • No fix is deployed to production without your explicit approval via the CISO control center. Deployments you approve are made at your direction, and you remain responsible for changes you approve.
  • All fixes are tested in an isolated environment before any deployment.
  • Automated rollback is designed to act within 60 seconds of anomaly detection. Rollback is a safety mechanism, not a guarantee of uninterrupted operation.
  • You may configure policy-as-code guardrails to define what AutoFix is permitted to modify.
  • We may pause or suspend automated actions if we detect anomalous behavior or risk of harm.

7. Cyber Swarm testing safeguards

  • Cyber Swarm only tests domains you have verified via DNS TXT record and authorized for testing.
  • Scan rates are capped and tuned to reduce the likelihood of service disruption. This reduces risk; it does not eliminate it (see Section 3).
  • Testing covers your external attack surface: publicly reachable infrastructure. Cyber Swarm does not require credentials and does not interact with data behind authentication unless exploitation of a vulnerability exposes it, in which case it is documented as evidence.
  • You may stop testing at any time by contacting cyberarmy@codeproof.com.

8. Free and early-access services

  • Free offerings, including the free AI pentest report, and early-access offerings are provided with no service-level commitments and may be modified, limited, or discontinued at any time.
  • All provisions of these Terms, including Sections 2, 3, 11, and 12, apply fully to free and early-access services.

9. Data handling

We collect and process infrastructure metadata and exploitation evidence necessary to deliver the Services. We do not collect personal data from your end users. Full details are in our Privacy Policy.

10. Intellectual property and confidentiality

  • Cyber Army retains all rights to our platform, software, agents, models, and technology.
  • You retain ownership of your data and infrastructure. You grant us a limited license to process your data solely to deliver the Services.
  • Reports and findings generated for your account are yours. We treat them as your confidential information and do not share them with third parties except as required to deliver the Services or by law.
  • Each party agrees to protect the other's confidential information with at least reasonable care and to use it only as needed to perform under these Terms.

11. Disclaimers

The Services are provided "as is" and "as available", without warranties of any kind, express or implied, including warranties of merchantability, fitness for a particular purpose, non-infringement, and uninterrupted or error-free operation. In particular:

  • No guarantee of completeness: no security testing finds every vulnerability. We do not guarantee discovery of all vulnerabilities or prevention of all security incidents.
  • Point-in-time results: findings and reports reflect the state of the tested assets at the time of testing. New vulnerabilities can appear at any time.
  • No assurance of outcomes: passing a Cyber Swarm test or deploying AutoFix fixes does not certify that your systems are secure or compliant.
  • Testing and remediation risk: as described in Section 3, we are not responsible for outages, disruption, or damage arising from authorized testing or from changes you approve.

12. Limitation of liability

  • To the fullest extent permitted by law, Cyber Army is not liable for indirect, incidental, special, punitive, or consequential damages, including loss of revenue, loss of profits, loss of data, loss of goodwill, or business interruption, even if advised of the possibility of such damages.
  • Without limiting Section 3, Cyber Army is not liable for any damages arising from outages, downtime, or service disruption of your systems or third-party systems in connection with authorized security testing or approved remediation.
  • Our total aggregate liability arising out of or related to the Services is limited to the fees you paid to Cyber Army in the twelve months preceding the claim, or one hundred US dollars ($100) if you have paid no fees.

13. Indemnification

You agree to indemnify, defend, and hold harmless Cyber Army and its officers, directors, employees, and agents from and against any claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from: (a) your breach of these Terms; (b) your submission of assets for testing without sufficient authorization, including claims by third parties whose systems were tested at your direction; (c) changes and deployments you approve; or (d) your violation of applicable law or third-party rights.

14. Suspension and termination

  • We may suspend or terminate your access for abuse, safety concerns, suspected unauthorized testing, legal compliance, or material breach of these Terms.
  • You may stop using the Services at any time.
  • Upon termination, your data will be retained for the period specified in our Privacy Policy and then securely deleted. Sections 2, 3, and 10 through 13 survive termination.

15. Governing law and disputes

These Terms are governed by the laws of the State of California, USA, without regard to conflict-of-law principles. Any disputes shall be resolved in the state or federal courts of Santa Clara County, California, and each party consents to their jurisdiction.

16. Changes to these terms

We may update these Terms as our products evolve. We will provide reasonable notice of material changes. Continued use of the Services after the effective date constitutes acceptance of the updated Terms.

17. Contact

Questions about these Terms: cyberarmy@codeproof.com.
Cyber Army Technologies, Inc. - Sunnyvale, CA, USA.