Liability and Fail-Safe Framework

Legal Protection Document - M&A Confidential

This document details how ABS Core v10.1.5 mitigates attacks and governance failures, protecting the operator from civil liability.

---

1. Fail-Safe Defaults (Default Deny)

The system operates under the principle of Default Deny. If the system fails to evaluate a rule (timeout, network error, engine error), the agent's action is automatically Blocked.

• Mitigation: This eliminates the risk of an "open pass" in case of a bug, one of the biggest liability concerns.

2. Attack Surface Reduction

• WASM Isolation: Each policy runs in a mathematical sandbox. An exploit in one rule cannot escalate privileges or read data from other rules.
• Input Sanitization: The native sanitizer.ts blocks Prompt Injection attempts even before policy evaluation.

3. Forensic Proof Record

Each decision generates a signed proof_hash. In the event of a legal dispute:

• The buyer can prove exactly why an action was blocked or permitted.
• This shifts the burden of proof against malicious user requests.

---

Conclusion: ABS Core is designed to Reduce Legal Liabilities. By automating compliance, we transform the uncertainty of AI into an auditable and secure log.