we45, Inc. · VibeReview
AI Disclaimer
Limitations of VibeReview's AI-generated threat models, guardrails, and PR reviews.
Effective Date: May 22, 2026
Last Updated: May 22, 2026
This AI Disclaimer and Limitations Agreement ("AI Disclaimer") supplements and is incorporated into the Terms of Service and End User License Agreement between you and we45, Inc., doing business as VibeReview ("Company," "we," "us," or "our"). This AI Disclaimer specifically addresses the use of artificial intelligence and machine learning technologies within the VibeReview platform.
BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE TERMS OF THIS AI DISCLAIMER.
1. Nature of AI-Generated Outputs
1.1 What the AI Does
VibeReview uses artificial intelligence and machine learning models to:
- Analyze repository code structure, dependencies, and architectural patterns
- Generate threat models identifying potential security vulnerabilities and attack vectors
- Create security guardrails (do/don't rules) tailored to your codebase
- Review pull request diffs against established guardrails
- Map identified threats to industry frameworks (OWASP Top 10, CWEs, Cisco AI Security Taxonomy)
- Generate code profile metadata for security dashboards
1.2 Probabilistic Nature of AI
AI-generated outputs are inherently probabilistic. Unlike deterministic software that produces the same output for the same input every time, AI models generate outputs based on learned patterns and statistical inference. This means:
- False Positives: The AI may flag code patterns as security risks when they are not actually vulnerable in your specific context.
- False Negatives: The AI may fail to identify actual security vulnerabilities, including novel attack vectors, complex multi-step exploits, business logic flaws, or vulnerabilities specific to your deployment environment.
- Inconsistency: The AI may produce different outputs for similar or identical inputs across different analysis runs.
- Hallucinations: The AI may generate plausible-sounding but incorrect threat descriptions, guardrails, or recommendations that do not accurately reflect the actual security posture of your code.
- Staleness: AI models are trained on data up to a certain point in time and may not reflect the latest vulnerability disclosures, attack techniques, or security best practices.
2. What AI-Generated Outputs Are NOT
AI-generated outputs from the Service ARE NOT and should not be treated as:
- A comprehensive security audit. The Service analyzes code structure and patterns but does not perform dynamic analysis, penetration testing, runtime testing, or full application security assessments.
- A compliance certification. While the Service maps findings to frameworks like OWASP and CWEs, its outputs do not constitute certification or attestation of compliance with any standard, regulation, or law (including SOC 2, ISO 27001, PCI DSS, HIPAA, or GDPR).
- Professional security advice. AI outputs are informational and advisory. They are not a substitute for qualified human security professionals, security architects, or legal counsel.
- A guarantee of security. No tool, including VibeReview, can guarantee that software is free from vulnerabilities. Use of the Service does not ensure that your application is secure.
- Legal advice. Any references to regulations, compliance frameworks, or legal requirements in AI outputs are for informational purposes only and do not constitute legal advice.
3. Your Responsibilities
By using the Service, you agree that:
- 3.1 You will not rely solely on AI-generated outputs as your only security measure. The Service is designed to complement, not replace, existing security practices.
- 3.2 You will have AI-generated threat models, guardrails, and review comments reviewed by qualified personnel before acting on them in production environments.
- 3.3 You are solely responsible for the security of your applications, systems, and data, regardless of your use of the Service.
- 3.4 You will maintain other appropriate security measures, including but not limited to: code review by qualified developers, static and dynamic application security testing (SAST/DAST), penetration testing, dependency scanning, infrastructure security controls, and incident response planning.
- 3.5 You will promptly report to us any AI-generated output that you believe is materially incorrect, misleading, or harmful.
- 3.6 You understand that editing or customizing guardrails is your responsibility, and the Company is not liable for the consequences of guardrails you have modified.
4. AI Model and Data Processing
4.1 Third-Party AI Models
The Service may utilize third-party AI models and services to generate outputs. We select and configure these models with security in mind, but we do not control the underlying model architectures or training data.
4.2 No Training on Your Code
We do not use your source code or proprietary repository data to train our AI models or any third-party models. Source code is processed transiently for analysis purposes only and is not retained for model training. Repository metadata may be used in anonymized, aggregated form to improve the Service.
4.3 Data Minimization
We follow data minimization principles in our AI processing. Only the metadata necessary for threat modeling and guardrail generation is extracted and retained. Full source code is not stored.
5. Limitation of Liability for AI Outputs
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
5.1 THE COMPANY SHALL NOT BE LIABLE FOR ANY DAMAGES, LOSSES, COSTS, OR EXPENSES ARISING FROM OR RELATED TO: (A) ERRORS, INACCURACIES, OR OMISSIONS IN AI-GENERATED OUTPUTS; (B) SECURITY VULNERABILITIES THAT THE AI FAILED TO DETECT; (C) FALSE POSITIVE FINDINGS THAT LED TO UNNECESSARY REMEDIATION EFFORTS; (D) YOUR RELIANCE ON AI-GENERATED OUTPUTS WITHOUT INDEPENDENT VERIFICATION; OR (E) DECISIONS MADE BASED ON AI-GENERATED THREAT MODELS, GUARDRAILS, OR REVIEW COMMENTS.
5.2 THE COMPANY MAKES NO WARRANTY, EXPRESS OR IMPLIED, REGARDING THE ACCURACY, COMPLETENESS, RELIABILITY, TIMELINESS, OR FITNESS FOR ANY PARTICULAR PURPOSE OF AI-GENERATED OUTPUTS.
5.3 IN NO EVENT SHALL THE COMPANY BE LIABLE FOR ANY SECURITY BREACH, DATA LOSS, REGULATORY PENALTY, OR OTHER HARM THAT OCCURS DESPITE OR BECAUSE OF THE USE OF AI-GENERATED OUTPUTS FROM THE SERVICE.
6. Assumption of Risk
You expressly assume all risk associated with the use of AI-generated outputs. You acknowledge that:
- AI technology is evolving and imperfect
- Security threats are constantly changing and no AI system can anticipate all future threats
- The accuracy of AI outputs depends on factors outside the Company's control, including the quality and completeness of your codebase, the complexity of your application architecture, and the novelty of attack vectors
- The Service is one component of a comprehensive security strategy and should not be your sole defense
7. Indemnification for AI-Related Claims
You agree to indemnify, defend, and hold harmless the Company from any claims, damages, losses, or expenses (including reasonable attorneys' fees) arising from: (a) your reliance on AI-generated outputs without adequate independent verification; (b) security incidents that occur in systems analyzed by the Service; (c) third-party claims arising from your use of AI-generated guardrails, threat models, or review comments; or (d) your failure to implement appropriate security measures beyond those suggested by the Service.
8. Changes to AI Capabilities
We may modify, update, retrain, or replace the AI models used in the Service at any time. Such changes may affect the outputs generated by the Service. We will use reasonable efforts to maintain or improve output quality but cannot guarantee consistency across model versions.
9. Regulatory and Compliance Notice
If you operate in a regulated industry (e.g., financial services, healthcare, government, critical infrastructure), you are responsible for ensuring that your use of AI-generated security outputs complies with all applicable regulations. The Service is not designed or certified for use as a sole compliance tool in regulated environments.
10. Feedback and Reporting
If you identify materially incorrect, misleading, or harmful AI-generated outputs, please report them to legal@we45.com. We take accuracy concerns seriously and will investigate reported issues to improve the Service. Reporting issues does not create any obligation on our part to correct specific outputs or guarantee future accuracy.
11. Severability and Survival
If any provision of this AI Disclaimer is found to be unenforceable, the remaining provisions shall remain in full force. Sections 2, 4.2, 5, 6, and 7 survive termination of the underlying Terms of Service and EULA.
12. Contact
For questions about this AI Disclaimer:
we45, Inc.
30 N Gould St, Sheridan, WY 82801
Email: legal@we45.com
Website: https://vibereview.app