Early access terms
These terms describe responsible use, review boundaries, and early-access limitations for AI App Security Review. They should be reviewed before broader public launch.
Last updated
June 11, 2026
Overview
These terms describe the service, the early-access state, and the static review model.
These Terms of Use are provided for early access and should be reviewed before broader public launch.
By using AI App Security Review, you agree to use the product responsibly and only for projects you own or have permission to review.
AI App Security Review is a static security review tool for pre-launch apps. It reviews ZIP uploads and selected GitHub repositories for evidence-based launch blockers, warnings, and hardening suggestions.
The service generates reports from static signals such as file paths, bounded text files, configuration files, package information, and review findings.
Responsible use
The review is for projects you own or are authorized to review, and the report still requires human judgment.
You may only upload or import projects that you own, control, or have explicit permission to review.
Do not scan third-party code, private repositories, customer systems, or confidential projects unless you are authorized to do so.
The product does not execute uploaded or imported code. It does not install dependencies or run package-manager commands inside reviewed projects.
The review is static and limited to the signals available in the uploaded ZIP or selected repository contents.
The service is not a penetration test, not a compliance certification, and not a guarantee that an application is secure.
A report result should not be treated as permission to launch without engineering review, testing, configuration review, and judgment by the project owner.
You are responsible for reviewing findings, verifying evidence, applying fixes carefully, testing changes, and deciding whether your application is ready for users.
If the report flags exposed credentials, you are responsible for rotating those credentials and reviewing whether they were committed or exposed elsewhere.
Limits and abuse
Early access may change quickly, and usage limits exist to protect the service from cost and abuse.
Do not use the service to scan systems you do not have permission to review, harvest secrets, attack third-party systems, bypass access controls, or overload the service.
Do not submit malware, intentionally harmful payloads, or content designed to disrupt the review service or hosting environment.
The product is in early access. Features, limits, review coverage, GitHub behavior, report wording, and access rules may change.
The service may be changed, paused, rate-limited, or discontinued while the product is being tested and improved.
Limits may apply to scans, ZIP size, repository size, file size, timeouts, exports, and account access.
Free access is intentionally limited. Higher limits, saved sanitized reports, and workflow features may be introduced later.
Reports and services
Reports are for review and collaboration, and the product relies on a small set of service providers.
Reports and sanitized Markdown exports are provided for review and collaboration. They may include masked evidence, file locations, review summaries, and recommended fixes.
Review exported reports before sharing them with teammates or external parties, especially when findings mention credentials, private routes, customer data, or sensitive business logic.
The product may rely on third-party services for authentication, data storage, hosting, and GitHub import. Your use of those services may also be subject to their terms and policies.
GitHub import in this version is intended for read-only repository review and does not modify code during import.