# Your autonomous AI might get you in jail. Even if you gave it legal guideline...
Canonical: https://social-archive.org/tgroenwals/AXIS624Ymc
Original URL: https://www.linkedin.com/posts/intidc_bugbounty-pentesting-ethicalhacking-ugcPost-7454478546145726464-bAQy/
Author: Inti De Ceukelaire
Platform: linkedin
## Content
Your autonomous AI might get you in jail. Even if you gave it legal guidelines.

The only thing that makes the act of hacking legal is an authorized scope. Mistakes against the scope may result in severe damages, financial losses and prosecution. You are liable for the models you run. A single hallucination can ruin your career.

In the example, the model *thinks* the system decodes the URL and moves up a directory, which would make it in scope. However, most systems will not do this.

Here's what EVERYONE using autonomous AI for testing should do:

- **Gatekeep your AI:** Run all traffic through a VPN or proxy that blocks requests that aren't in-scope
- **Review liability:** Talk to your insurer about model risk and check your customer contracts
- **Audit the agent:** Log and monitor the thinking patterns of your agent, not only its traffic!

Bug bounty platforms like Intigriti help companies create crystal clear scopes which significantly reduce room for error.

Better be safe than sorry!

#BugBounty #Pentesting #EthicalHacking #ArtificialIntelligence #AI #LLM
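An added example (not from the original post) of the gatekeeping step: a scope check that a filtering proxy could call before forwarding an agent's request. The scope list and function names are assumptions; a URL is allowed only when every plausible reading of its path (raw, percent-decoded, dot segments resolved) stays inside the scope, so the agent's guess about how the server decodes the URL cannot widen it.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed scope for illustration: (host, path prefix) pairs.
SCOPE = [("shop.example.com", "/app/")]

def path_readings(path, max_layers=3):
    """Every way a server might read the path, or None if it is still encoded."""
    layers, current = [path], path
    for _ in range(max_layers):
        decoded = unquote(current)
        if decoded == current:
            break
        layers.append(decoded)
        current = decoded
    if unquote(current) != current:
        return None  # deeper encoding than we follow: fail closed
    readings = set()
    for p in layers:
        p = p.replace("\\", "/")  # some servers treat backslash as a separator
        resolved = posixpath.normpath(p)  # collapses "." and ".." segments
        if p.endswith("/") and resolved != "/":
            resolved += "/"  # normpath drops the trailing slash
        readings.update((p, resolved))
    return readings

def in_scope(url, scope=SCOPE):
    """Allow only if the host matches and ALL readings of the path are in scope."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or host is None:
        return False
    host = host.lower().rstrip(".")
    prefixes = [prefix for h, prefix in scope if h == host]
    readings = path_readings(parts.path or "/")
    if not prefixes or readings is None:
        return False
    return any(all(r.startswith(pre) for r in readings) for pre in prefixes)

if __name__ == "__main__":
    for u in ("https://shop.example.com/app/cart",
              "https://shop.example.com/admin/..%2fapp/"):
        print("ALLOW" if in_scope(u) else "BLOCK", u)
```

Blocked requests are worth logging next to the agent's reasoning trace, since a rejected URL shows where the model's view of the scope diverged from the written one.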
