OFFENSAI, Inc. Master Service Agreement
Last Updated: January 6, 2026
1. Introduction
We are OFFENSAI, Inc., a Delaware corporation (together with our affiliates, "OFFENSAI", "we", "us" or "our"). This Master Service Agreement ("MSA"), including all Service Orders and other documents incorporated herein, as well as any amendments or addenda (collectively, "Agreement") forms a binding contract between OFFENSAI and you ("Customer", "you" or "your"). OFFENSAI and you are each a "Party" and collectively, the "Parties."
This Agreement governs all access to and use of OFFENSAI's dynamic, AI-powered cloud security testing platform available at https://www.offensai.com ("Platform"), which enables you to perform the following functions: (a) continuous automated security testing of your Customer Environment using AI-powered vulnerability scanning and assessment tools; (b) simulation of security attacks, exploits, and threat scenarios against your Customer Environment to identify potential vulnerabilities and security gaps; (c) dynamic testing that adapts based on your specific environment, configurations, and risk profile; (d) security vulnerability identification, classification, and prioritization based on severity and potential impact; (e) remediation guidance and recommendations for identified vulnerabilities; (f) compliance monitoring and reporting to help you meet applicable legal or regulatory requirements and industry standards such as SOC 2, ISO 27001, PCI DSS, HIPAA, etc.; (g) security posture monitoring and trending over time; (h) reporting and analytics dashboards; and (i) any other features and functionality that OFFENSAI makes available through the Platform during the Term.
By subscribing to, accessing or using the Platform or related services, you agree that you have read and agree, without reservation, to be bound by this Agreement. If you accept this Agreement on behalf of an entity, then "you" or "your" also refers to that entity, and you represent and warrant that you have the authority to agree to this Agreement on that entity's behalf. This Agreement is effective as of your initial access or use, or upon execution of a Service Order hereunder, whichever is earlier ("Effective Date"). In consideration of the mutual promises herein, the Parties agree as follows:
2. Additional Definitions
"Affiliate" means an entity Controlled by, Controlling or under common Control with a Party. An entity has "Control" of another entity when it owns more than 50% of equity or voting interests, or has primary operational or management responsibility.
"Business Day" means Monday through Friday, excluding federal holidays observed in the United States.
"Business Hours" means 9:00 a.m. to 5:00 p.m. Pacific time zone on Business Days.
"Confidential Information" means any non-public information disclosed directly or indirectly by a Party, its Affiliates or agents ("disclosing Party") to the other Party, its Affiliates or agents ("receiving Party"), whether before or after the Effective Date, including inventions or discoveries (whether or not patentable), trade secrets, ideas, concepts, prototypes, designs, financial information, technical data or know-how, marketing and product information, pricing, business plans, contracts, policies and procedures, customer lists (including customer information), technologies (including computer programs, computer code, modules, scripts, algorithms, routines, systems, databases, equipment, features, processes, methodologies, schematics, testing procedures, software design and architecture, design and function specifications, analysis and performance information, and user documentation), internal documentation and materials and any personal information pertaining to an individual or person, such as employees or customers, together with all notes, memoranda, analysis, records or other documents prepared by Receiving Party or its representatives containing or based upon, in whole or in part, information acquired from Disclosing Party in connection with this Agreement, whether in verbal, written or machine-readable form, and regardless of whether it is specifically identified or marked as "confidential" or "proprietary". For clarity, your Confidential Information includes the existence and results of security testing performed under this Agreement.
"Customer Data" means any data, information or material that you or your authorized users provide to or submit through the Platform, including system configurations, credentials, network information and other information necessary for OFFENSAI to perform the Services.
"Customer Environment" means your applications, systems, networks, infrastructure, Customer Data and other technology assets that are subject to security testing under this Agreement.
"Data Protection Laws" means any privacy or data protection laws applicable to OFFENSAI's Processing of Personal Data hereunder, including without limitation: (a) Title 1.81.5, California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100–1798.199), as amended by Proposition 24, the California Privacy Rights Act of 2020 (the "CCPA"); (b) the EU General Data Protection Regulation 2016/679 ("GDPR"); (c) the Privacy and Electronic Communications (EC Directive) Regulations 2003; (d) the Swiss Federal Act on Data Protection; (e) the Data Protection Act 2018 and the United Kingdom's version of the GDPR which is part of UK law by virtue of the European Union (Withdrawal) Act 2018 ("UK GDPR") and any legislation applicable in the UK in force from time to time relating to privacy or the Processing of Personal Data (the "UK Data Protection Laws"); and (f) other applicable U.S. state laws, in each case, as updated, amended or replaced from time to time.
"Documentation" means the technical and user documentation for the Platform that OFFENSAI makes available to customers, as updated from time to time.
"OFFENSAI Content" means security test scenarios, attack simulations, vulnerability assessments, reports and other content created or generated by OFFENSAI's artificial intelligence and machine learning systems.
"Personal Data" means information relating to an identified or identifiable natural person. An identifiable natural person is one who can be specifically identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data or online identifier, or by reference to one or more factors specific to that person's physical, physiological, genetic, mental, economic, cultural or social identity.
"Process" means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Security Incident" means a Personal Data breach or any unauthorized access or breach of security due to OFFENSAI's failure to comply with its data privacy and/or data protection obligations hereunder, leading to, or reasonably believed to have led to, the theft, accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to, any Personal Data Processed by OFFENSAI in connection with this Agreement.
"Service Order" means a mutually-executed order form, quote, proposal, statement of work or other document executed by both Parties that specifies the Services purchased, Fees and any additional terms.
"Services" means the OFFENSAI Platform and related services as described in Section 2 and as specified in any Service Order.
"Usage Metadata" means data generated, collected and processed by OFFENSAI in connection with providing the Services, including without limitation data used to identify the source and destination of a communication, activity logs, and data used to optimize and maintain performance of the Services and to investigate and prevent system abuse. Usage Metadata (i) does not comprise Customer Data and (ii) is collected by OFFENSAI on an anonymized or pseudonymized and aggregated basis, such that it does not allow OFFENSAI or any third party to determine that such data relates to or is derived from Customer or any specific user.
"Vulnerability" means a security weakness, flaw or misconfiguration in your Customer Environment that could be exploited to compromise security, as identified by the Platform.
Other Definitions: For purposes of this Agreement, (i) "including" means "including without limitation"; (ii) "written" or "in writing" includes email communications; (iii) "immediately" means without unreasonable delay, typically within 24 hours; (iv) "promptly" means as soon as reasonably practicable under the circumstances; and (v) "reasonable" or "commercially reasonable" means actions that would be taken by a prudent person or company in similar circumstances.
3. The Services
Service Levels OFFENSAI will provide the Services in accordance with the terms of the OFFENSAI, Inc. Service Level Agreement attached hereto as Schedule 1 and fully incorporated herein by this reference.
Service Modifications We may update, modify, enhance or discontinue features of the Platform at any time. If we materially reduce core functionality of the Platform that you have purchased, you may terminate the affected Services upon 30 days' written notice, and we will refund any prepaid fees for the terminated Services on a pro-rata basis for the unused portion of the then-current Term.
Service Monitoring OFFENSAI is not obligated to monitor use of Services, but it may do so for the purposes of operating the Services, ensuring compliance with this Agreement, protecting the rights and safety of OFFENSAI's personnel and third parties, and complying with legal requirements. To the extent that Customer uses the Services to message or communicate with OFFENSAI, OFFENSAI reserves the right to monitor, intercept, review, store and/or delete such messages or communications without further notice. OFFENSAI reserves the right to investigate violations or other conduct that affects the Services. OFFENSAI may also consult and cooperate with law enforcement authorities to prosecute users who violate applicable laws. OFFENSAI may prohibit any use that it believes (or that is alleged) to be in violation of the Agreement or that otherwise adversely impacts the Services.
Service Trials From time to time, OFFENSAI may offer certain Services on a limited basis without fee or charge, including for example, free accounts, trial use, and access to pre-release and beta services (collectively, "Trial Services"). Access to and use of Trial Services may be subject to additional terms, as specified by OFFENSAI. OFFENSAI may modify, discontinue or terminate access to or use of Trial Services at any time, in its sole discretion, and without liability. OFFENSAI's aggregate liability (excluding indirect damages, for which OFFENSAI expressly disclaims all liability) for any claim arising out of or related to Customer's use of Trial Services will not exceed Five Hundred Dollars (US$500.00).
Service Limitations You acknowledge and agree that: (i) the Services are designed to identify potential vulnerabilities and security issues, but may not detect all vulnerabilities in your Customer Environment; (ii) the Platform uses artificial intelligence and machine learning technologies ("AI") that continuously improve but may occasionally produce false positives or false negatives; (iii) security testing and attack simulations will be performed only against your designated Customer Environment and only to the extent authorized by you; (iv) the effectiveness of the Services depends in part on the accuracy and completeness of information you provide about your Customer Environment; (v) you remain solely responsible for securing your Customer Environment and implementing recommended remediations; and (vi) the Services do not constitute a guarantee that your Customer Environment is or will remain secure from all threats.
4. Term and Termination
Initial Term and Renewal This Agreement begins on the Effective Date and continues for the initial term specified in the Service Order, or if no term is specified, for one year ("Initial Term"). This Agreement will automatically renew for successive periods of equal length (each, a "Renewal Term") unless either Party provides written notice of non-renewal at least 30 days before the end of the then-current Term. The Initial Term and all Renewal Terms are collectively, the "Term."
Termination for Cause Either Party may terminate this Agreement immediately upon written notice if: (i) the other Party materially breaches this Agreement and, if the breach is curable, fails to cure the breach within 30 days after receiving reasonably detailed written notice of the breach; (ii) the other Party ceases business operations, becomes insolvent, makes an assignment for the benefit of creditors, or files or has filed against it a petition in bankruptcy or similar proceeding that is not dismissed within sixty (60) days; or (iii) you fail to pay undisputed amounts due within ten (10) days after receiving written notice of non-payment.
Effect of Termination Upon expiration or termination of this Agreement: (i) your right to access and use the Platform will immediately cease; (ii) you will pay all unpaid, undisputed fees accrued through the termination effective date; (iii) all other liabilities accrued before the expiration or termination date will survive; (iv) each receiving Party will return or destroy (at the disclosing Party's option) all Confidential Information of the disclosing Party, except that each Party may retain one archival copy for legal compliance purposes, subject to continued confidentiality obligations; (v) we will, upon your written request submitted within 30 days after termination, provide you with a final export of your historical security test results and reports in a standard format, subject to payment of any applicable fees; and (vi) the following sections will survive: Sections 5 (Fees and Payment), 7 (Intellectual Property Rights), 9 (Confidentiality), 10(c) (Disclaimer), 11 (Limitation of Liability), 12 (Indemnification), 14 (Copyright) and 15 (General Provisions).
Early Termination Fee If you terminate this Agreement without cause before the end of the then-current Term, or if we terminate this Agreement for cause, you agree to pay an early termination fee equal to your recurring charges, if any, multiplied by the number of months remaining in the then-current Term, or as otherwise set forth in the applicable Service Order. This amount represents a reasonable estimate of OFFENSAI's damages and is not a penalty.
5. Fees and Payment
Fees You agree to pay all fees specified in the applicable Service Order ("Fees"), without set-off. All Fees are quoted and payable in United States Dollars, and are non-refundable, unless otherwise specified in writing.
Payment Terms Unless otherwise specified in a Service Order, OFFENSAI will invoice you annually in advance. Payment is due within 30 days of the invoice date. You may pay by credit card, ACH transfer, wire transfer, or check to OFFENSAI's designated payment address.
Late Payment If any undisputed invoice is not fully paid when due, OFFENSAI may: (i) charge interest on the overdue amount at the rate of 1.5% per month (or the maximum rate permitted by law, whichever is less); (ii) suspend or cease providing the Services without liability; and (iii) pursue any other remedies available under this Agreement or applicable law. OFFENSAI will be under no obligation to provide any Services while the invoice(s) remain unpaid.
Disputed Invoices If you desire to dispute in good faith an invoiced amount, you must, by the invoice due date, (i) pay any undisputed portion of the invoiced amount and (ii) provide notice of the details of the dispute, together with all supporting documentation. The Parties will work diligently to promptly resolve the dispute and upon resolution, (1) OFFENSAI will promptly credit to you any amount found to be owed to you or (2) you will promptly pay to OFFENSAI all amounts found to be owed to OFFENSAI. If you do not timely submit a documented dispute notice per this Section, you waive all rights to dispute such amounts.
Taxes All Fees are exclusive of taxes, duties, levies, tariffs and other governmental charges (collectively, "Taxes"). You are responsible for all Taxes except those based on OFFENSAI's net income. If you are required by law to withhold any amounts from payments to OFFENSAI, the amount payable to us will be increased so that we receive the full amount of invoiced Fees due.
6. License and Restrictions
License to Customer
a. Subject to your compliance with this Agreement and payment of applicable Fees, OFFENSAI grants you a limited, non-exclusive, non-transferable and non-sublicensable license during the Term to: (1) access and use the Platform solely for your internal business purposes; (2) use the Documentation solely in connection with your use of the Platform; and (3) use reports, analyses, and other output generated by the Platform solely for your internal security and compliance purposes. We may use subcontractors to perform OFFENSAI's obligations under this Agreement, provided that OFFENSAI will remain responsible for the performance of such subcontractors.
b. In connection with the Services, you may be provided with access to various third party content (e.g., analytics), including any application functionality provided by an OFFENSAI-contracted third party ("Third Party Content"). Any Third Party Content is made available on an "AS-IS" basis, without any indemnification or support, and OFFENSAI disclaims all warranties and conditions of any kind, whether express or implied. You are solely responsible for reviewing, accepting and complying with any third party terms applicable to any Third Party Content.
c. OFFENSAI may collect, use, share and disclose Usage Metadata. As between the Parties, OFFENSAI owns the Usage Metadata.
License to OFFENSAI You grant to OFFENSAI, its Affiliates and their respective agents, suppliers and subcontractors, a limited, non-exclusive, worldwide license during the Term to: (i) access and use Customer Data solely to provide the Services; (ii) access your Customer Environment solely to the extent necessary to perform security testing and other Services; and (iii) use Customer Data solely in anonymized, aggregated form to improve the Platform, train AI models and develop security intelligence, provided such use does not identify you, your organization or any individual.
Prohibited Uses You agree that you will not, and will not permit any third party to do or attempt any of the following: (i) modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer or sell any information, software, products or services obtained from the Platform; (ii) use the Platform to provide services to third parties or allow third parties to use the Platform; (iii) use the Platform for timesharing, service bureau or outsourcing purposes; (iv) reverse engineer, decompile, disassemble or otherwise attempt to derive source code from the Platform; (v) access the Platform to build a competitive product or service or to benchmark against a competitive product; (vi) remove, alter or obscure any proprietary notices on the Platform or Documentation; (vii) use the Platform to conduct security testing against systems or networks you do not own or have explicit authorization to test; (viii) use the Platform to conduct actual attacks or exploits beyond simulated testing; (ix) use the Platform in any manner that violates applicable laws or regulations or third-party rights; (x) transmit any viruses, malware or other harmful code through the Platform; (xi) attempt to gain unauthorized access to the Platform or OFFENSAI's systems; (xii) use the Platform to store or transmit infringing, defamatory or otherwise unlawful content, or for any other unauthorized purpose; (xiii) interfere with or disrupt the integrity or performance of the Platform; (xiv) circumvent any usage limitations or security measures implemented in the Platform; or (xv) interfere with OFFENSAI's provision of services to other customers.
7. Intellectual Property Rights
OFFENSAI Property OFFENSAI (or its licensors) owns all right, title and interest in and to the Platform, Services, Documentation, OFFENSAI Content, algorithms, methodologies, processes, technology, software and all intellectual property rights embodied therein. This Agreement does not grant you any ownership rights in the Platform or Services. All rights not expressly granted to you are reserved by OFFENSAI.
Customer Property You retain all right, title, and interest in and to your Customer Data and your Customer Environment. OFFENSAI does not claim any ownership rights in Customer Data, except for the limited rights expressly granted in Section 6(b).
Feedback If you provide OFFENSAI with any suggestions, comments, ideas or other feedback regarding improving or modifying the Platform, Services, Documentation or OFFENSAI Content ("Feedback"), OFFENSAI may use or exploit such Feedback without any obligation or compensation to you. You hereby assign to OFFENSAI all right, title and interest in any Feedback.
Security Intelligence OFFENSAI retains ownership of all data, insights, statistics, patterns and intelligence derived from the operation of the Platform and the aggregation of data across multiple customers ("Security Intelligence"), provided such Security Intelligence does not identify you or include your Confidential Information. OFFENSAI may use Security Intelligence to improve the Platform, provide industry benchmarks and develop security research.
8. Customer Obligations
Authorized Use You represent and warrant that: (i) you own or have the legal right to authorize security testing of your Customer Environment; (ii) you have obtained all necessary permissions, authorizations and consents to allow OFFENSAI to access and test your Customer Environment as authorized herein; (iii) your use of the Services will comply with all applicable laws, regulations and third-party agreements; and (iv) the information you provide to OFFENSAI is accurate, complete and current.
Security and Access You agree to: (i) maintain the security and confidentiality of your account credentials and authentication information; (ii) immediately notify OFFENSAI of any unauthorized access to your account or the Platform; (iii) define the scope and boundaries of security testing to ensure testing occurs only within authorized systems; (iv) provide OFFENSAI with necessary access credentials, network information and permissions required to perform the Services; (v) ensure your employees and authorized users comply with this Agreement; (vi) maintain adequate backups of your systems and data; and (vii) implement security measures recommended by OFFENSAI in a timely manner.
Compliance You are solely responsible for: (i) determining whether the Services meet your security and compliance requirements; (ii) configuring and using the Services appropriately for your environment; (iii) ensuring compliance with applicable laws, regulations and industry standards; (iv) responding to and remediating identified vulnerabilities; (v) maintaining appropriate security controls in your Customer Environment; and (vi) providing first-level support to your users.
Liability for Unauthorized Testing You acknowledge that conducting security testing without proper authorization may violate laws including the Computer Fraud and Abuse Act. You agree to indemnify and hold OFFENSAI and its affiliates harmless from any claims arising from your use of the Services for testing of unauthorized systems in violation of applicable laws or regulations.
9. Confidentiality
Confidentiality Obligations Each receiving Party agrees to: (i) protect the disclosing Party's Confidential Information using the same degree of care it uses for its own confidential information, but no less than reasonable care; (ii) not disclose the disclosing Party's Confidential Information to third parties except as permitted in this Agreement; (iii) use the disclosing Party's Confidential Information solely to perform its obligations or exercise its rights under this Agreement; and (iv) limit access to disclosing Party's Confidential Information to employees, contractors and advisors who have a legitimate need to know for purposes of this Agreement and who are bound by confidentiality obligations at least as protective as those in this Agreement. OFFENSAI will not disclose security testing results, including identified vulnerabilities in a Customer Environment, except: (1) as necessary to provide the Services; (2) in anonymized, aggregated form as part of Security Intelligence; or (3) as required by law with notice to you (unless legally prohibited).
Exclusions Confidentiality obligations do not apply to information that was: (1) publicly available or becomes publicly available through no breach by the receiving Party; (2) rightfully in the receiving Party's possession without confidentiality obligations before disclosure; (3) independently developed by the receiving Party without access to the disclosing Party's Confidential Information; (4) rightfully received from a third party without confidentiality restrictions; or (5) authorized in writing by the disclosing Party to be disclosed.
Compelled Disclosure If receiving Party receives a request to disclose disclosing Party's Confidential Information, whether pursuant to a valid subpoena or order issued by a court or regulatory body, then before disclosure, receiving Party will: (i) notify disclosing Party of the terms of such request (unless legally prohibited); (ii) cooperate with disclosing Party in taking lawful steps to resist, narrow or eliminate the need for such disclosure; and (iii) if disclosure is nonetheless required, reasonably cooperate with disclosing Party to obtain a protective order or other binding assurance that confidential treatment will be afforded to such Confidential Information as must be disclosed.
Remedies Receiving Party acknowledges that disclosing Party's Confidential Information is valuable and unique and that unauthorized use or disclosure will result in irreparable injury to disclosing Party, for which monetary damages are inadequate. If receiving Party violates or threatens to violate this Section 9, disclosing Party may seek injunctive relief without the need for posting bond, in addition to any other available legal remedies.
10. Warranties and Disclaimers
Mutual Warranties Each Party represents and warrants that: (i) it has the legal power and authority to enter into this Agreement; (ii) this Agreement constitutes a valid and binding obligation; (iii) its performance under this Agreement will not violate any other agreement or obligation; and (iv) it will comply with all applicable laws in performing its obligations under this Agreement.
OFFENSAI Warranties OFFENSAI warrants that: (i) the Services will be performed in a professional and workmanlike manner consistent with industry standards; (ii) the Platform will materially conform to the Documentation; and (iii) OFFENSAI will not knowingly include viruses or other malicious code in the Platform.
DISCLAIMER EXCEPT AS EXPRESSLY SET FORTH IN SECTION 10(b), THE PLATFORM AND SERVICES ARE PROVIDED "AS IS" AND TO THE MAXIMUM EXTENT PERMITTED BY LAW, OFFENSAI DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, INTEGRATION, AVAILABILITY, SECURITY AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. OFFENSAI DOES NOT WARRANT THAT: (i) THE PLATFORM WILL BE UNINTERRUPTED, ERROR-FREE OR COMPLETELY SECURE; (ii) THE PLATFORM WILL DETECT ALL VULNERABILITIES IN YOUR CUSTOMER ENVIRONMENT; (iii) THE SERVICES WILL MEET YOUR SPECIFIC REQUIREMENTS OR EXPECTATIONS; (iv) ANY ERRORS OR DEFECTS WILL BE CORRECTED WITHIN A SPECIFIC TIMEFRAME; (v) THE PLATFORM WILL BE COMPATIBLE WITH ALL SYSTEMS, SOFTWARE OR HARDWARE; OR (vi) USE OF THE PLATFORM WILL ENSURE YOUR CUSTOMER ENVIRONMENT IS SECURE FROM ALL THREATS. YOU ACKNOWLEDGE THAT AI AND MACHINE LEARNING TECHNOLOGIES, BY THEIR NATURE, MAY PRODUCE IMPERFECT RESULTS AND THAT THE PLATFORM'S PERFORMANCE MAY VARY BASED ON MULTIPLE FACTORS INCLUDING BUT NOT LIMITED TO THE COMPLEXITY OF YOUR ENVIRONMENT, THE EVOLVING THREAT LANDSCAPE AND THE INFORMATION PROVIDED TO THE PLATFORM.
11. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL OFFENSAI BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOST PROFITS, BUSINESS, REVENUES, SAVINGS, DATA, GOODWILL, CUSTOMERS OR CONTRACTS, BUSINESS INTERRUPTION, OR COST OF REPLACEMENT SERVICES, HOWEVER CAUSED AND REGARDLESS OF THEORY OF LIABILITY, WHETHER OFFENSAI WAS ADVISED OF, KNEW OR HAD REASON TO KNOW OF THE POSSIBILITY OF SUCH DAMAGES, AND WHETHER OR NOT THE REMEDIES PROVIDED HEREIN FAIL OF THEIR ESSENTIAL PURPOSE. TO THE MAXIMUM EXTENT PERMITTED BY LAW, OFFENSAI'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THE AGREEMENT IS LIMITED TO THE AMOUNT OF FEES PAID BY YOU TO OFFENSAI DURING THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
The limitations in Section 11(a) do not apply to: (i) either Party's indemnification obligations under Section 12; (ii) your payment obligations under Section 5; (iii) your breach of Section 6(c) (Prohibited Uses) or other unauthorized use of the Platform; (iv) either Party's breach of Section 9 (Confidentiality); (v) either Party's gross negligence or willful misconduct; or (vi) liabilities that cannot be limited under applicable law. You acknowledge that the limitations of liability in this Section 11 are fundamental elements of the basis of the bargain between you and OFFENSAI, and that OFFENSAI would not provide the Services without these limitations.
12. Indemnification
OFFENSAI Indemnification OFFENSAI will defend you, your Affiliates and their respective officers, directors, managers, employees, agents and permitted successors and assigns (each, a "Customer Indemnitee") against any third-party claim that the Platform, when used in accordance with this Agreement, infringes or misappropriates that third party's intellectual property rights, and will indemnify the Customer Indemnitee from any damages, costs and reasonable attorneys' fees finally awarded against it or agreed to in a settlement approved by OFFENSAI resulting from such claim, provided that the Customer Indemnitee: (i) promptly notifies OFFENSAI in writing of the claim (and any delay in providing such notice will not relieve OFFENSAI of its obligations hereunder, except to the extent that OFFENSAI is materially prejudiced by the delay); (ii) grants OFFENSAI sole control of the defense and settlement of the claim (provided that OFFENSAI may not settle in a manner that imposes liability or obligations on a Customer Indemnitee without the Customer Indemnitee's prior written consent, such consent not to be unreasonably withheld or delayed); and (iii) provides reasonable cooperation in the defense at OFFENSAI's reasonable expense. If any Platform component is or is likely to become subject to an infringement claim, OFFENSAI may, at its option: (1) obtain the right for the Customer Indemnitee to continue using it; (2) replace or modify it to make it non-infringing; or if the foregoing options (1) and (2) are not commercially feasible, (3) terminate access to the infringing component and refund to you the portion of any Fees paid by you in respect of the impacted component less a pro-rata reduction for use.
This indemnification obligation does not apply to claims arising from: (A) modification of the Platform other than by OFFENSAI; (B) combination of the Platform with products or services not provided by OFFENSAI; (C) use of the Platform in violation of this Agreement; or (D) continued use after OFFENSAI has provided notice to discontinue use. This Section 12 states OFFENSAI's sole liability and any Customer Indemnitee's exclusive remedy for third-party intellectual property infringement claims.
- Customer Indemnification. You will defend OFFENSAI, its Affiliates and their respective officers, directors, managers, employees, agents and permitted successors and assigns (each, an "OFFENSAI Indemnitee") against any third-party claim arising from: (i) your breach of this Agreement; (ii) your Customer Environment; (iii) your violation of applicable laws or third-party rights; (iv) allegations that Customer Data infringes or misappropriates third-party intellectual property rights or privacy rights; or (v) your conduct of security testing against unauthorized systems or networks. You will indemnify the OFFENSAI Indemnitee from any damages, costs and reasonable attorneys' fees finally awarded against the OFFENSAI Indemnitee or agreed to in a settlement approved by you, provided the OFFENSAI Indemnitee: (1) promptly notifies you in writing of the claim (and any delay in providing such notice will not relieve you of your obligations hereunder, except to the extent that you are materially prejudiced by the delay); (2) grants you control of the defense and settlement (provided that you may not settle in a manner that imposes liability or obligations on an OFFENSAI Indemnitee without the OFFENSAI Indemnitee's prior written consent, such consent not to be unreasonably withheld or delayed); and (3) provides reasonable cooperation in the defense at your reasonable expense.
13. Data Privacy and Protection
- Data Privacy. OFFENSAI collects, uses, and protects information in accordance with its Privacy Policy available at /privacy. You consent to such collection, use and protection of information, including Personal Data.
- Data Protection. Each Party will comply with all applicable Data Protection Laws in its performance under this Agreement.
- Data Processing. To the extent OFFENSAI Processes Personal Data on your behalf, OFFENSAI will Process it in accordance with the Data Protection Addendum attached hereto as Schedule 2 and fully incorporated herein by this reference.
- Security Incident Notification. If OFFENSAI becomes aware of a Security Incident, OFFENSAI will: (i) notify you without undue delay and no later than 48 hours after becoming aware; (ii) investigate and take reasonable steps to remediate the Security Incident; (iii) provide you with information about the Security Incident; and (iv) reasonably cooperate with your investigation and response efforts. You acknowledge that this Section 13(d) is not an acknowledgment by OFFENSAI of fault or liability.
- Data Retention. OFFENSAI will retain Customer Data during the Term and for 30 days after termination to allow you to export your data. After this period, OFFENSAI will delete Customer Data in accordance with its standard deletion practices, except as required to comply with legal obligations.
14. Copyright
- OFFENSAI respects content owner rights, and it is our policy to respond to alleged copyright infringement notices that comply with the United States Digital Millennium Copyright Act, 17 United States Code Section 512 (the "DMCA"). If you believe that your copyrighted work has been used in a way that constitutes copyright infringement and is accessible via the Services, please notify our copyright agent as set forth in the DMCA. For your notification to be valid under the DMCA, you must provide all of the following information in writing:
a. An electronic or physical signature of a person authorized to act on behalf of the copyright owner;
b. Identification of the copyrighted work that you claim has been infringed;
c. Identification of the material that is claimed to be infringing and where it is located on the Services;
d. Information reasonably sufficient to permit us to contact you, such as your address, telephone number and e-mail address;
e. A statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent or law; and
f. A statement, made under penalty of perjury, that the above information is accurate, and that you are the copyright owner or are authorized to act on behalf of the owner.
Your notification including the above information must be submitted to OFFENSAI's DMCA Agent, as follows:
Attention: OFFENSAI DMCA Agent
Address: 6770 Stanford Ranch Road, #1309, Roseville, CA 95678
Email: legal@offensai.com (please put "DMCA" in email subject line)
- UNDER U.S. FEDERAL LAW, IF YOU KNOWINGLY MISREPRESENT THAT ONLINE MATERIAL IS INFRINGING, YOU MAY BE SUBJECT TO CRIMINAL PROSECUTION FOR PERJURY AND CIVIL PENALTIES, INCLUDING MONETARY DAMAGES, COURT COSTS AND ATTORNEYS' FEES.
- Please note that this procedure is exclusively for notifying OFFENSAI and our Affiliates that your copyrighted material has been infringed. The preceding requirements are intended to comply with our rights and obligations under the DMCA, but do not constitute legal advice. It may be advisable to contact an attorney regarding your rights and obligations under the DMCA and other applicable laws.
- In accordance with the DMCA and other applicable law, OFFENSAI has adopted a policy of terminating, in appropriate circumstances, users who are deemed to be repeat infringers. We may also at our sole discretion limit access to the Services and/or terminate the account of any user who infringes any intellectual property rights of others, whether or not there is any repeat infringement.
15. General Provisions
- Entire Agreement. This Agreement, including all Service Orders and documents incorporated by reference, constitutes the entire agreement between the Parties regarding the Services and supersedes all prior or contemporaneous agreements, communications and understandings, whether written or oral. This Agreement may only be modified by a written amendment signed by both Parties or as expressly permitted in Section 15(b).
- Modifications to Agreement. OFFENSAI may modify this Agreement from time to time by posting the modified version on its website at https://www.offensai.com and/or by providing notice to you. If you continue to use the Services after the modification becomes effective, you agree to be bound by the modified Agreement. If you do not agree to a modification, you may terminate this Agreement in accordance with Section 4.
- Notices. All notices required or permitted under this Agreement must be in writing and will be deemed given: (i) when delivered personally; (ii) one Business Day after being sent by a nationally recognized overnight courier; (iii) three Business Days after being sent by certified or registered mail, return receipt requested; or (iv) when the email is sent (provided no bounce-back or error message is received), if sent by email to the addresses specified below.
Notices to OFFENSAI should be sent to:
OFFENSAI, Inc.
6770 Stanford Ranch Road, #1309
Roseville, CA 95678
Attention: Legal Department
Email: legal@offensai.com
Notices to you will be sent to the address and email you provided in your Service Order or account registration. Either Party may update its notice information by providing written notice to the other Party.
- Governing Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of laws principles. Each Party consents to the exclusive and mandatory jurisdiction and venue of the federal and state courts located in Sacramento, California for any claims or disputes arising out of or relating to this Agreement ("Dispute") and waives any right to object to jurisdiction and venue. The Parties agree that the Uniform Computer Information Transactions Act will not apply to this Agreement.
- Dispute Resolution, Attorneys' Fees. The Parties will first attempt to resolve any Dispute through good faith negotiations between senior executives. If the Dispute is not resolved within 30 days, it will be resolved exclusively in the courts specified in Section 15(d). The prevailing Party in any Dispute will be entitled to recovery of its reasonable attorneys' fees and costs.
- Waiver. No waiver of any provision of this Agreement will be effective unless in writing and signed by the Party against whom the waiver is sought to be enforced. No failure or delay in exercising any right or remedy will constitute a waiver of that or any other right or remedy.
- Severability. If any provision of this Agreement is held invalid, illegal or unenforceable, the remaining provisions will remain in full force and effect, and the invalid provision will be modified to the minimum extent necessary to make it valid and enforceable while preserving the Parties' original intent.
- Assignment. You may not assign or transfer this Agreement or any rights or obligations under this Agreement without OFFENSAI's prior written consent, and any attempted assignment without such consent is void. OFFENSAI may assign this Agreement (i) to an Affiliate or (ii) in connection with a Change of Control, upon notice to you. Any attempted assignment in contravention of this Section is null and void. This Agreement binds and benefits each Party's successors and permitted assigns.
- Force Majeure. Neither Party will be liable for any failure or delay in performance due to causes beyond its reasonable control, including acts of God, natural disasters, war, terrorism, riots, civil disorder, government actions, labor disputes or Internet service interruptions, provided that the Party claiming such cause has taken commercially reasonable steps to prevent such cause ("Force Majeure Event"). The affected Party will promptly notify the other Party and use reasonable efforts to resume performance. If a Force Majeure Event prevents performance for more than 30 days, either Party may terminate the affected Services upon written notice.
- Independent Contractors. The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship. Neither Party has authority to bind the other Party or make commitments on the other Party's behalf.
- Third-Party Beneficiaries. This Agreement does not confer any rights or benefits on any third party except as expressly provided herein.
- Publicity. OFFENSAI may identify you as a customer and use your name and logo in customer lists, marketing materials and press releases, unless you notify OFFENSAI in writing that you object. All other uses of your name, logo or trademarks require your prior written consent.
- No Advice. OFFENSAI provides security testing tools and services but does not provide legal, compliance or security consulting advice. You should consult with qualified professionals regarding your specific security and compliance needs.
- Export Controls. You acknowledge that the Platform and Services may be subject to U.S. export control laws and regulations. You agree to comply with all applicable export laws and regulations and will not export, re-export or transfer the Platform or Services in violation of such laws. You represent that you are not located in, under the control of, or a national or resident of any country to which the United States has embargoed goods or services, and that you are not on any U.S. government list of prohibited or restricted parties.
- U.S. Government Rights. The Platform and Services are commercial computer software and commercial computer software documentation developed exclusively at private expense. If you are a U.S. government entity, you acquire only those rights specified in this Agreement, consistent with FAR 12.212 and DFARS 227.7202.
- Counterparts. This Agreement may be executed in counterparts, each of which will be deemed an original and all of which together will constitute one agreement. Electronic signatures will have the same effect as original signatures.
- Order of Precedence. In the event of a conflict between documents forming this Agreement, the order of precedence is: (1) the applicable Service Order, (2) this MSA, (3) the Documentation.
16. Acceptance
BY CLICKING "I AGREE," ACCESSING THE PLATFORM OR USING THE SERVICES AS APPLICABLE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, UNDERSTAND IT AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS.
17. Contact Information
For questions about this Agreement or the Services, contact:
OFFENSAI, Inc.
6770 Stanford Ranch Road, #1309, Roseville, CA 95678
Email: legal@offensai.com
Website: www.offensai.com
Schedule 1: Service Level Agreement
OFFENSAI, Inc. ("OFFENSAI") provides the dynamic, AI-powered OFFENSAI cloud security testing platform available at https://www.offensai.com, enabling continuous security testing, vulnerability assessment, attack simulation, remediation and compliance monitoring for customers' online environments and systems ("Platform"). This Service Level Agreement ("SLA") sets forth the uptime and support service levels for the Platform. The SLA applies only to registered customers ("Customers") of OFFENSAI. Any capitalized terms in this SLA, if not defined below, are as defined in OFFENSAI's Master Service Agreement available at /terms ("Agreement").
1. Definitions
- "Available" or "Availability" means that the Platform is accessible and functioning in all material respects per OFFENSAI's published documentation.
- "Calendar Month" means the period between the first day of each successive calendar month.
- "Downtime" means the minutes during the Calendar Month when the Platform is not Available to the Customer, except for any Excluded Minutes.
- "Excluded Minutes" means the minutes elapsed while the Platform is not Available because of: (i) acts or omissions of the Customer, its users, licensors, service providers, suppliers or subcontractors; (ii) breach of the Agreement by the Customer or its users; (iii) the Customer's or its users' failure to adhere to the OFFENSAI Documentation; (iv) software, hardware or third-party services not selected, provided or controlled by OFFENSAI; or (v) a Force Majeure Event.
- "Incident" means a problem reported by the Customer that is reproducible and that OFFENSAI confirms is a nonconformity of the Platform with OFFENSAI's published specifications or other Documentation, and that results in a loss of all functionality or substantial features or functionality within the Platform.
- "Level 1 Support" means call answering, logging and screening for the severity level of a reported problem and use of commercially reasonable efforts to diagnose the root cause of the problem. Problems that are confirmed to be Incidents will be escalated to Level 2.
- "Level 2 Support" means end user support following Level 1 Support to address Incidents in accordance with their relative severity.
- "Maximum Uptime" means total minutes in a Calendar Month minus Maintenance Minutes during the same Calendar Month.
- "Maintenance Minutes" means the minutes elapsed during maintenance performed by OFFENSAI that results in the Platform not being Available, where OFFENSAI has provided the Customer with reasonable advance notice.
- "Response Time" means the minutes elapsed between when OFFENSAI acknowledges receipt of Customer's request for Support Services (defined below) and when the request is resolved as determined in OFFENSAI's sole discretion.
- "Uptime Percentage" means the Maximum Uptime minus Downtime and divided by Maximum Uptime for a Calendar Month.
2. Uptime
- OFFENSAI will use commercially reasonable efforts to make the Platform Available each Calendar Month in accordance with the following Uptime Percentage: ≥ 99.50%.
- OFFENSAI maintains a standing scheduled maintenance window of 09:00 AM - 10:00 AM (Pacific Time Zone) on Saturdays, as needed. OFFENSAI may schedule additional scheduled Downtimes outside of the standing scheduled maintenance window by providing the Customer with reasonable advance notice via the agreed upon communication protocol. OFFENSAI reserves the right to perform regularly scheduled maintenance during non-core Business Hours.
3. Support
- OFFENSAI will provide Level 1 Support and Level 2 Support as described herein ("Support Services").
- OFFENSAI will use commercially reasonable efforts to make available to the Customer email reporting via support@offensai.com (or such other email designated by OFFENSAI) for submission of Support Services requests. OFFENSAI will acknowledge each submitted email request within the time period described in the tables below, after OFFENSAI's receipt.
- OFFENSAI will use commercially reasonable efforts to update the Customer on the status of the Support Services request.
- OFFENSAI will prioritize resolving Support Services requests for an Incident that, as determined in OFFENSAI's sole discretion, critically impacts use of the Platform, over all other Support Services requests. OFFENSAI will provide the Support Services during Business Hours.
| Severity Level | Definition | Example |
|---|---|---|
| 1: Critical | Business outage or significant Customer impact that threatens future productivity | Many or all users are unable to access the Platform; Platform response time is severely degraded from standard |
| 2: Urgent | High-impact problem where production is proceeding, but in a significantly impaired fashion; there is a time-sensitive issue important to long term productivity that is not causing an immediate work stoppage | Certain users are unable to access the Platform; Platform performance is unstable |
| 3: Important | Important issue that does not significantly impact current productivity | User requires a patch for non-emergency break-fix situation |
| 4: Informational | Request for information or enhancement, or minor technical issue with only a minor impact on Customer productivity | User desires a new Platform feature or function |

| Severity Level | Receipt Acknowledged | Restoration Target |
|---|---|---|
| 1: Critical | 4 Business Hours | Within 8 Business Hours |
| 2: Urgent | 4 Business Hours | Within 48 Business Hours |
| 3: Important | 1 Business Day | To be determined with proposed course of action (e.g., next release) |
| 4: Informational | 1 Business Day | To be determined with proposed course of action (e.g., next release) |
4. Reporting
- Upon Customer's written request up to once per calendar quarter, OFFENSAI will send Customer a report for the requested quarter during the Term, including the following information: (a) average Response Time for the applicable quarter; (b) list of common user issues for which Support Services requests were submitted in the applicable quarter; and (c) any recommendations that OFFENSAI made to the Customer or mitigation plans that OFFENSAI implemented, to reduce the frequency of occurrence of a particular user issue. OFFENSAI will provide the report within 10 Business Days after receipt of the request.
- OFFENSAI will measure the Response Time for each Support Services request received in a calendar quarter and will calculate the total Response Time by summing the Response Time for all Support Services requests received in a calendar quarter. The average Response Time for a calendar quarter will be calculated by dividing the total Response Time by the total number of Support Services requests received in a calendar quarter. The Parties may establish mutually agreed recommendations or mitigation plans intended to address concerns with reported Response Times.
Document Version: 1.0