AI Disclaimer

Last updated: April 19, 2026

1. Snitch uses AI

Snitch is a security audit framework that runs inside AI coding tools and AI agent runtimes (Claude, Codex, Cursor, Hermes, OpenClaw, and others). The actual scan, analysis, and report generation are performed by an AI model that reads your code and applies the Snitch methodology.

2. AI can make mistakes

AI models are imperfect. Even with the anti-hallucination rules, evidence requirements, and category guidance Snitch provides, an AI can still:

  • Miss real vulnerabilities (false negatives)
  • Flag safe code as vulnerable (false positives)
  • Misjudge severity or exploitability
  • Produce fixes that introduce new bugs
  • Misunderstand the business context of your code
  • Fabricate file paths, line numbers, or details despite guardrails designed to prevent it
  • When scanning a pull-request diff, misjudge code that looks risky in isolation but is safe in the full-file context, or miss a vulnerability that depends on unchanged code the AI never saw

3. Snitch is not a replacement for human review

Snitch is one layer in a defense-in-depth strategy. It is not a substitute for:

  • Professional security engineering review
  • Penetration testing or red-team engagement
  • Static or dynamic analysis tools used independently
  • Compliance certification or formal audit by a qualified third party
  • Code review by a human engineer who understands your system

Use Snitch alongside these practices, not instead of them.

4. You are responsible for what you ship

Findings produced by Snitch are recommendations from an AI model. You are solely responsible for:

  • Verifying every finding before acting on it
  • Reviewing every fix the AI applies before deploying it
  • Deciding whether the code you ship is fit for production
  • Maintaining your own backups, version control, and rollback plans
  • Securing the credentials, environments, and infrastructure you run Snitch against

5. Snitch is not responsible for AI actions

When you use Snitch inside an AI coding tool or autonomous agent, that AI may take actions on your behalf, including reading, writing, or modifying files. Snitch provides instructions and guardrails, but the actual execution is performed by the AI tool you are using.

Snitch is not liable for any loss, damage, security breach, data exposure, regulatory violation, business interruption, or other harm resulting from actions taken by an AI tool or agent based on Snitch findings, fix suggestions, or any other output.

This includes but is not limited to: AI-applied code changes that introduce new vulnerabilities, AI-generated fixes that break functionality, AI agents that act outside their intended scope, and any consequences of trusting AI output without independent verification.

6. Snitch is not a compliance tool

Snitch may produce templates or tagged findings that reference frameworks like HIPAA, SOC 2, PCI-DSS, GDPR, CCPA, SOX, ISO 27001, FedRAMP, or others. These are auditor aids, not compliance products.

Templates and tags exist to help your internal reviewers and an independent qualified auditor see what might be worth a conversation. They are not a certification, attestation, formal assessment, or evidence sufficient to pass any audit on their own. Snitch is not a CPA firm, QSA, ISO certification body, FedRAMP 3PAO, or any other accredited assessor.

If you are pursuing a regulatory or contractual compliance outcome, engage a qualified auditor and your own legal counsel. Do not rely on Snitch output as your basis for passing, presenting at, or relying on any audit. Snitch will not be the reason you pass a compliance audit, and Snitch is not liable if you fail one.

7. No warranty

Snitch is provided "as is" and "as available" without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that Snitch will identify every vulnerability, prevent every breach, satisfy every compliance requirement, or operate without error.

8. Acceptance

By using Snitch, you acknowledge that you have read this disclaimer, understand the limits of AI-assisted security review, and accept responsibility for the use of Snitch findings in your development and deployment processes.

See also our Terms of Service and Privacy Policy.

9. Contact

Questions about this disclaimer? Email legal@snitchplugin.com.