Acceptable Use Policy

Effective Date: January 24, 2026

Version: 2.0

1. Overview

This Acceptable Use Policy (hereinafter referred to as "this Policy") sets forth the code of conduct that users must follow when using the AAU global telemetry network, API interfaces, and related physical nodes (collectively referred to as "Services"). AAU aims to provide researchers, compliance auditors, and developers with a neutral, transparent AI performance monitoring environment. We support legitimate Red Teaming and stress testing, but maintain a zero-tolerance policy toward any malicious abuse of our infrastructure.

2. Prohibited Activities

Users must not use AAU's global node network to engage in, facilitate, or encourage any activities that violate applicable laws, including but not limited to:

  • Child Sexual Abuse Material (CSAM): The generation, upload, or distribution of any content involving the exploitation of children is strictly prohibited. We will immediately report such activities to NCMEC and relevant law enforcement agencies.
  • Cyber Attack Infrastructure: AAU nodes must not be used as Command and Control (C2) servers, botnet nodes, or for launching Denial of Service (DDoS) attacks.
  • Fraud and Phishing: AI-generated content must not be used for financial fraud, social engineering attacks, or identity theft.
  • Terrorism and Extremism: The Services must not be used to promote violent extremism, recruit terrorists, or plan terrorist attacks.

3. AI Auditing & Red Teaming Special Provisions

Given that AAU's core function is to test the security boundaries of AI models, we make the following distinctions regarding "offensive testing":

3.1 Authorized Research

The following activities are permitted within authorized audit projects:

  • Prompt Injection Testing: Sending adversarial prompts (Jailbreak Prompts) to target models to assess model security by attempting to bypass their safety guardrails.
  • Bias Probing: Deliberately inducing models to output responses containing stereotypes or misinformation for the purpose of documenting evidence.
  • High-Concurrency Stress Testing: Testing target API response latency under high load within reasonable rate limits.

3.2 Prohibited Exploitation

The following activities are strictly prohibited:

  • Weaponized Deployment: Using harmful instructions obtained through "jailbreaking" (such as specific steps for manufacturing biochemical weapons) for actual harmful actions or public dissemination to cause social panic.
  • Mass Spam Generation: Using AAU's multi-node concurrent capabilities to automatically generate spam, fake reviews, or conduct large-scale opinion manipulation (Astroturfing).
  • Service Disruption Attacks: Deliberately sending malformed data packets intended to cause target model server crashes or memory overflow.

4. Node and Network Security Guidelines

To maintain the stability of our global node cluster, users must comply with the following technical specifications:

  • IP Spoofing: Users must not tamper with packet header information to forge request origins. AAU's transparency principle requires all telemetry requests to be traceable.
  • Bandwidth Abuse: While we provide high-performance networking, if your single test task consumes more than 30% of a node's total bandwidth resources and affects other users, we reserve the right to implement temporary Throttling.
  • Reverse Engineering: Attempting to probe, scan, or test vulnerabilities in AAU's own infrastructure, or reverse-analyzing our routing protocols, is prohibited.

5. Geo-Compliance

AAU operates physical nodes across multiple legal jurisdictions. When using specific nodes, users must comply with the laws and regulations of the node's location:

  • Frankfurt Node: Must strictly comply with the General Data Protection Regulation (GDPR) and Germany's Network Enforcement Act (NetzDG). Testing the generation of Nazi symbols or hate speech, which are illegal in Germany, is strictly prohibited.
  • Dubai Node: Must comply with UAE laws regarding cybercrime and religious respect.
  • Singapore/Tokyo Nodes: Must comply with local regulations regarding copyright and cybersecurity.

Liability Attribution: Users are responsible for understanding and complying with the local laws of every node through which their traffic passes. AAU serves only as a technical conduit and bears no responsibility for user content that violates local laws.

6. Third-party Platform Rights

AAU is a telemetry conduit connecting users with third-party models (such as OpenAI, Google, Anthropic, etc.).

  • Users must simultaneously comply with the terms of service and usage policies of the target model providers.
  • If a third-party model provider reports specific user abuse to AAU (such as API Key abuse), we will suspend that user's access privileges after verification.

7. Enforcement

If we discover or receive reports that a user has violated this Policy, AAU will take the following measures based on the severity of the violation:

  • Warning: Sending a remediation notice for minor, non-malicious violations.
  • Isolation: Temporarily redirecting user traffic to a sandbox environment.
  • Ban: Permanently terminating the account and prohibiting the organization from re-registering.
  • Referral: For serious illegal activities, we will cooperate with law enforcement agencies in relevant jurisdictions for investigation.

8. Policy Updates

AAU reserves the right to update this Policy at any time. For significant changes (such as tightening the definition of Red Teaming), we will notify users 30 days in advance. Continued use of the Services constitutes acceptance of the revised terms.