1. Authorised use
You may use the Services only to assess AI Systems for which you hold all necessary rights and authorisations, including:
- Ownership of, or authorised access to, the AI System
- Authority to permit adversarial testing under the relevant LLM provider's terms (e.g., OpenAI usage policies, Anthropic acceptable use, AWS Bedrock terms)
- Authority under applicable law to consent to the security testing methods used in the Quantify Test Suites
2. Prohibited uses
You must not use the Services to:
- Assess AI Systems you do not own or are not authorised to test
- Conduct testing in violation of the Singapore Computer Misuse Act, US Computer Fraud and Abuse Act (CFAA), or analogous laws in your jurisdiction
- Bypass rate-limits, IP restrictions, or other technical protections of third-party systems
- Submit content that is unlawful, infringes third-party IP, contains malware, or violates the privacy of others
- Develop, train, or improve a competing AI risk assessment platform using the Services
- Resell, sublicense, or grant access to the Services to third parties without our prior written consent
3. Customer-provided API credentials
When you provide API credentials (e.g., OpenAI, Anthropic, DeepSeek, AWS Bedrock) to AgentSure for testing, you must:
- Configure a spend cap of no more than USD 500 per Assessment cycle (or another amount specified in the SoW) on the relevant LLM provider account before the Assessment begins.
- Provide credentials with the minimum necessary scope for testing (read-only or sandbox keys preferred).
- Rotate credentials within seven (7) days after Assessment completion. AgentSure will not retain plaintext beyond the active Assessment.
- Acknowledge that you remain solely liable for all usage charges incurred on the credentials, whether the charges result from authorised Assessment activity, mis-configuration, or unauthorised access.
AgentSure encrypts credentials at rest (AES-256-GCM) and in transit (TLS 1.3+). They are accessible only to designated assessment worker processes for the duration of the active Assessment.
4. Reasonable usage limits (Scan tier)
For self-serve Scan tier subscribers:
- Maximum 2 active Assessments concurrently per Customer account
- Maximum 1 Assessment per 24-hour period for free-tier users
- Maximum token spend of USD 50 per Assessment (auto-abort if exceeded mid-Assessment)
- Cookbook / probe selection limited to pre-vetted bundles
We may revise these limits with 30 days' notice. Paid Monitor / Underwrite tiers have higher limits per SoW.
5. Consequences of violation
We may suspend or terminate access if we reasonably believe you are violating this AUP. For a material breach of the first three bullets of §2, suspension may be immediate and without notice. We will restore access promptly after you demonstrate remediation.
6. Rules of Engagement (RoE) — per-Assessment
Each Assessment requires a Rules of Engagement (RoE) acceptance. For Scan and Monitor tiers, this is click-wrap captured at the start of each Assessment. For Underwrite tier, a signed RoE is annexed to the SoW.
RoE structure
- A. Target endpoints: exact URLs to be tested + model identifier + authentication method
- B. Scope of testing methods: which adversarial test methods are in-scope (prompt injection / jailbreak / data extraction / fairness / robustness / agent breach)
- C. Out-of-scope: DoS, brute-force, network-layer attacks, social engineering, physical security
- D. Rate limits: max concurrent requests, max requests per second, total token budget, total duration cap
- E. Emergency stop: 24h contact at ops@agentsure.tech — either Party may halt testing; we acknowledge within 1 business hour and cease within 4 business hours
- F. Customer authorisation: you expressly authorise the testing within the scope you defined
- G. AgentSure obligations: scope-limited, encrypted handling, audit logging
7. Customer representations (RoE acceptance)
By accepting an RoE (click-wrap or signed), you expressly:
- Authorise AgentSure to conduct adversarial testing against the target endpoints, using the methods, within the rate limits, for the duration of the RoE
- Represent and warrant that you hold all necessary rights and authorisations, including from any underlying LLM provider whose terms may restrict adversarial use
- Confirm the spend cap on your LLM provider account is configured at USD 500 or less, and accept sole liability for any charges incurred during testing
- Acknowledge that adversarial testing may generate offensive, biased, or otherwise objectionable content as part of normal red-team evaluation, and that such content is incidental to the assessment process and not endorsed by AgentSure
- Indemnify AgentSure against any third-party claim arising from the underlying LLM provider's response to authorised testing (including account suspension or termination)
8. AgentSure obligations during testing
- Limit testing strictly to the scope defined in the RoE
- Treat all data received as Confidential Information per the governing contract
- Encrypt Customer API credentials at rest (AES-256-GCM) and in transit (TLS 1.3+)
- Maintain audit logs of all testing activity
- Provide a written Assessment Report within the SoW timeline
- Refrain from any testing method not listed in the RoE
- Stop immediately on receipt of a STOP signal from the Customer
9. Versioning
This AUP is versioned. Material changes trigger re-acceptance on next sign-in. The RoE is re-issued per Assessment.
10. Questions
Questions about authorised scope, RoE customisation, or pre-Assessment sign-off: legal@agentsure.tech.