Get Started
- 1. AI Risk Assessment 101
- 2. Write a Clear AI Safety Report
- 3. How to Build Your Reputation as an AI Safety Researcher on AIRTA Systems
- 4. Don't Cause Harm
- 5. DVAIA - Damn Vulnerable AI Application
- 6. How Invitations and Team Access Work
- 7. Understanding Program Safety Tiers
- 8. Risk Categories
- 9. Safe Harbour on AIRTA SystemsCurrent
- 10. Black Box Testing
Safe Harbour on AIRTA Systems
Feb 24, 2026
AIRTA Systems provides a safe harbour for testers who follow the rules. This article explains what that means and how it works. For the practical side-what you're allowed to test and how to stay in scope-see Don't Cause Harm.
What is safe harbour?
Safe harbour is a policy that gives you legal protection when you do risk assessment in good faith and within the platform's and program's rules. Program owners have opted in to testing; they want you to find safety issues and report them through AIRTA Systems. As long as you stay in scope, use benign data, and don't cause harm, you're acting within the intended permission space.
What AIRTA Systems's safe harbour covers
- Good-faith risk assessment: Protection for ethical testing that aims to find and report vulnerabilities and safety issues within the defined scope.
- No legal action for discoveries within guidelines: AIRTA Systems does not support legal action against testers who follow the rules and report responsibly. Discoveries made within scope and disclosed through the platform are covered.
- CFAA compliance: The policy is designed to be consistent with relevant law (e.g. Computer Fraud and Abuse Act considerations) when you test within the permission space granted by the program.
- Responsible disclosure: Reporting through AIRTA Systems-to the program owner, with evidence and clear description-is the structured way to disclose. That aligns with safe harbour and helps program owners fix issues before they become incidents.
What keeps you inside safe harbour
Stay within the rules:
- Test only the apps and features listed in the program scope.
- Use harmless, fake, or owner-approved data; don't use real customer data or credentials.
- Don't cause damage, denial of service, or harm to users or systems.
- Report findings through the platform with a clear, factual report-scenario, expectation, observation, risk, next step.
When you do that, you're testing in the way AIRTA Systems and the program owner intend, and the safe harbour policy applies. When you go outside scope or cause harm, you leave that protection.
Safe harbour vs. "Don't Cause Harm"
Don't Cause Harm is the practical guide: what's in scope, what's out of scope, and how to test safely. Safe harbour is the policy that backs that up: if you follow those practical rules and report responsibly, you're protected. Read both; follow the behaviour, and you benefit from the policy.
Next Article
Continue reading in this category