Purple Firefish logoPurple Firefish

AI Pentest Safety And Authorization

Purple Firefish pentesting is for authorized defensive testing only. The platform is safe-by-default and should fail closed when scope, target, or run-mode requirements are missing.

Authorization Scope

Every engagement should record:

Campaigns should not run without this metadata.

Safe Defaults

Evidence Controls

Evidence should use:

Do not display raw malicious prompt text, real credentials, real secrets, or full tool payloads in normal UI or public docs.

What Firefish Does Not Claim

Firefish does not guarantee security, certify compliance, or replace human authorization and review. It provides local controls, repeatable tests, and evidence to support a broader security program.