Authorization Policy
Work is performed only under an agreed and authorized scope. No authorization, no test. No scope, no access.
1. Principle
Badlands Solutions conducts offensive AI testing, field-system integration and communications work only under explicit, documented authorization from the system owner or their designated representative. Work is performed solely within the agreed and authorized scope. We do not perform unauthorized testing, grey-hat research, or speculative probing of third-party systems.
2. No Unauthorized Testing Accepted
We do not accept, encourage or solicit unauthorized testing of systems we do not own or control. Any report of a vulnerability, weakness or exposure sent to us without proper authorization will be disregarded and, where appropriate, reported to the affected system owner and relevant authorities.
3. Scope Definition
Before any engagement, the following is documented and agreed in writing:
- Systems, IP ranges, models, hardware and personnel in scope
- Explicit out-of-scope items and no-test zones
- Test windows, time restrictions and blackout periods
- Success criteria and acceptable evidence formats
- Escalation paths and emergency contacts
4. Authorization Document
The authorization document is a signed agreement — physical or qualified electronic — that includes:
- Identity of the authorizing party and their capacity to authorize
- Description of authorized activities and techniques
- Rules of engagement, including stop conditions
- Liability and insurance provisions where required
- Data handling, retention and destruction obligations
5. Stop Conditions
Testing halts immediately if any of the following occur:
- Scope boundary is reached or exceeded
- System behavior indicates potential safety risk to operators or infrastructure
- Authorizing party revokes or suspends authorization
- Evidence of unintended third-party impact is discovered
- Legal or regulatory constraint changes during the engagement
6. No Guarantee of Disclosure
We do not disclose client names, specific system details, or engagement outcomes without explicit written consent. Case studies on this site are anonymized, sanitized and approved before publication. No public claim of work performed implies endorsement by the client.
7. Violations
Suspected unauthorized testing, impersonation, or fraudulent claims of affiliation with Badlands Solutions should be reported through the secure contact channel. We cooperate with law enforcement and regulatory authorities where legally required.
8. Contact
For authorization inquiries, contact us at contact@badlandssolutions.com. Secure communications can be encrypted using the PGP key associated with this address; fingerprint below.
9. PGP Key
Secure contact communications may be encrypted using the PGP public key for contact@badlandssolutions.com. The current fingerprint is:
The full public key is available at /pgp/contact.asc.
Registered Entity
Badlands Solutions sp. z o.o. · Gałczyńskiego 4m901, 00-362 Warszawa · KRS 0000896814 · NIP 5252860590 · REGON 388800808 · contact@badlandssolutions.com