Legal · Automated Systems
AI & Automated Systems Disclaimer
Last updated: March 2026 · All legal documents
1. Automated Systems in the AegisWire Platform
The AegisWire platform incorporates automated systems including, but not limited to:
- Policy enforcement engines that automatically permit or deny network sessions based on configured rules and real-time trust assessments.
- Post-quantum cryptographic key exchange and session establishment mechanisms (hybrid ML-KEM-1024 with X25519, ML-DSA-87 identity signatures, AES-256-GCM record encryption, BLAKE3 STREAMHEAL integrity) that operate without manual intervention.
- Device-posture attestation and admission controls that evaluate a connecting device’s security state against signed posture profiles before, or during, session establishment.
- Entity-graph and temporal-anomaly detectors that model relationships and behaviour across sessions and may generate alerts, surface recommendations, or feed automated policy responses.
- Session scoring and trust-level assignment systems that classify traffic and user behaviour against defined parameters.
- Automated certificate validation, revocation checking, and cryptographic posture assessment.
- Log analysis and audit trail generation systems.
These systems operate based on configurations, rules, thresholds, signed profiles, and parameters set by the Customer and/or AegisWire engineers. They are designed to assist human security and network operations teams — not to replace human judgement in high-stakes decisions.
The detection and device-posture admission capabilities described above are delivered through the AI Sentinel plugin, which is licensed separately from the core AegisWire platform. Where a Customer has not licensed AI Sentinel, those specific capabilities are not active in that Customer’s environment; the disclaimers in this document nonetheless apply to every automated system the Customer does operate.
Certain Sentinel detector families additionally depend on cryptographically signed artefacts being provisioned for the Customer’s deployment — for example, learned-model detection requires a signed model package verified for the Customer’s fleet, and threat-intelligence and device-posture detectors require their respective signed feeds or profiles. A licensed detector family that has not had its required signed artefact provisioned and verified does not execute, and produces no detections, in that environment. The tenant administration console reports each family’s actual execution state.
2. No Guarantee of Accuracy or Completeness
Automated systems, by their nature, are not infallible. AegisWire makes no representation or warranty, express or implied, that:
- Outputs, alerts, recommendations, or decisions produced by automated systems are accurate, complete, or free from error.
- Threat classifications, anomaly scores, entity-graph relationships, posture verdicts, or trust assessments reflect the true or complete state of a network environment or a connecting device.
- Automated policy decisions will correctly identify all threats or correctly permit all legitimate traffic in all circumstances.
- AI-assisted features will perform identically across different network environments, data sets, device fleets, or operational contexts.
- Any automated system within the platform is free from bias, incorrect pattern recognition, or false positives and false negatives.
3. Human Oversight Requirement
AegisWire strongly recommends that Customers:
- Maintain qualified human oversight of all automated policy enforcement decisions, particularly those that may block, restrict, or terminate network access for users or systems.
- Treat automated alerts, scores, posture verdicts, and recommendations as inputs to human decision-making processes, not as final determinations.
- Regularly review and audit automated system configurations, rules, thresholds, and signed posture profiles to ensure they reflect current operational requirements and security objectives.
- Test automated systems in non-production environments before relying on them for critical infrastructure or safety-sensitive operations.
- Establish escalation procedures for scenarios where automated systems produce ambiguous or conflicting outputs.
AegisWire is not liable for any loss, damage, disruption, or security incident that arises from a Customer’s failure to maintain appropriate human oversight of automated system outputs.
4. Automated Decision-Making and GDPR
Where the AegisWire platform is used in a manner that results in automated decisions with legal or similarly significant effects on natural persons (for example, denial of network access to an authorised employee based on a device-posture or anomaly verdict), the Customer, as data controller, is responsible for:
- Ensuring a lawful basis exists under applicable data protection law for such automated decision-making.
- Providing data subjects with appropriate information about automated decisions affecting them.
- Implementing a mechanism for data subjects to request human review of automated decisions where required by law.
- Complying with the requirements of GDPR Article 22 and equivalent provisions under applicable national law.
AegisWire, as data processor, will provide reasonable technical assistance to the Customer in facilitating compliance with these obligations upon written request. See the Data Processing Addendum for further details.
5. No Warranty for Security Outcomes
The use of AI-assisted threat detection, entity-graph or temporal-anomaly analysis, device-posture admission, policy enforcement, or any other automated security feature does not guarantee that the Customer’s network, systems, or data will be free from security incidents, breaches, unauthorised access, or data loss. AegisWire expressly disclaims any warranty that its automated systems will prevent all security incidents or provide complete protection against all threats.
Security is a shared responsibility. Customers remain responsible for their own security posture, incident response, and compliance with applicable security standards and regulations.
6. Third-Party AI Components
Certain features of the AegisWire platform may rely on or integrate with AI or machine-learning components supplied by third parties. AegisWire is not responsible for the accuracy, completeness, fairness, or reliability of outputs generated by third-party AI components. Where third-party AI is used, AegisWire will endeavour to disclose this in product documentation.
7. Limitation of Liability
To the maximum extent permitted by applicable law, ITLOX LTD (trading as AegisWire) shall not be liable for any loss, damage, claim, or expense arising directly or indirectly from:
- Reliance on any output, recommendation, alert, classification, posture verdict, or decision produced by an automated system within the platform.
- False positives or false negatives produced by anomaly detection, entity-graph analysis, device-posture admission, threat classification, or policy enforcement systems.
- Automated blocking or restriction of legitimate traffic or users.
- Failure of automated systems to detect, prevent, or respond to security threats.
- Any other consequence of automated system operation, misconfiguration, or unexpected behaviour.
This limitation is without prejudice to the general limitation of liability set out in the Terms of Service.
8. Contact
For questions about automated systems, AI features, or to report unexpected behaviour:
ITLOX LTD (trading as AegisWire)
Legal: legal@aegiswire.com
Security: security@aegiswire.com
AegisWire’s controls posture is built to the standards these audits examine — SOC 2, ISO 27001, GDPR, and HIPAA-style review. See the Trust Center for current scope.