1. Scope and Application
This AI Liability Framework applies to all AI-assisted products, platforms, and services developed or deployed by ClearGlass Inc., including:
- ARTEMIS — AI-powered risk command and threat intelligence platform
- GUARDIAN — AI-enhanced security operations and anomaly detection
- NEXUS — Live risk command and AI-driven analytics
- Custom AI models, classifiers, and decision-support tools developed for clients
- Large language model (LLM) integrations within security workflows
This framework applies to ClearGlass Inc. as an AI developer and operator. Clients using ClearGlass platforms to deploy AI in their own operations take on responsibility for that downstream deployment, subject to applicable law.
2. AI Governance Principles
ClearGlass Inc. designs and deploys AI systems according to the following foundational principles, aligned with Canada's Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems and emerging global AI governance standards:
Transparency
Clients are informed when AI is used in service delivery. AI-generated outputs are identified as such and not misrepresented as human analysis.
Accountability
ClearGlass takes organizational responsibility for the performance and impacts of our AI systems, with named ownership for each deployed model.
Fairness
AI systems are evaluated for bias and discriminatory outcomes. We take corrective action when disparate impact is identified in threat detection or risk scoring.
Safety
AI systems undergo security testing, adversarial robustness evaluation, and controlled rollout before production deployment in client environments.
Privacy by Design
Privacy considerations are embedded in AI system design from inception, not as an afterthought. Data minimization governs training and inference pipelines.
Explainability
Where technically feasible, AI outputs are accompanied by explanations of contributing factors, enabling human review and contestability of AI decisions.
3. Human Oversight Requirements
ClearGlass maintains that AI supplements, but does not replace, qualified human judgment in cybersecurity and risk management contexts. The following oversight requirements apply:
MANDATORY HUMAN REVIEW
- All AI-generated threat alerts classified as HIGH or CRITICAL severity require human analyst confirmation before client notification
- Automated incident response actions (e.g., IP blocking, account suspension) require human authorization except within pre-approved playbooks
- AI-generated legal, compliance, or regulatory recommendations are advisory only and require human expert validation
- Risk scores used in client-facing reports are reviewed by a qualified security professional before delivery
ClearGlass maintains logs of all AI-generated outputs and corresponding human review decisions for a minimum of 3 years, accessible to clients upon request for outputs relating to their data.
4. Limitation of AI Liability
AI systems are probabilistic and operate under uncertainty. ClearGlass makes no warranty that AI-assisted threat detection, risk scoring, or compliance recommendations will be free from error, omission, or false results (including false positives and false negatives).
LIABILITY LIMITATION
ClearGlass Inc. shall not be liable for any loss, damage, security incident, regulatory penalty, or harm arising from:
- Reliance on AI-generated outputs without independent human verification
- AI model errors, hallucinations, or adversarial manipulation by threat actors
- AI performance degradation due to data drift or out-of-distribution inputs
- Client actions taken solely on the basis of AI recommendations without human review
Aggregate liability for AI-specific failures is subject to the limitation of liability provisions in our Terms of Service, capped at fees paid in the preceding 12 months.
5. AI Training Data Practices
ClearGlass applies strict governance to data used in AI model training:
- No client data used for model training without written consent. Client operational data is never incorporated into shared model training pipelines without an explicit data sharing agreement.
- Synthetic and open data preferred. Where possible, ClearGlass trains models on synthetic data, public datasets, or ClearGlass-owned red-team data.
- Anonymization prior to any training use. If operational data is used under an authorized data sharing agreement, it is anonymized and aggregated before training use.
- Provenance logging. Training dataset provenance is logged for all production models, identifying data sources, collection dates, and applicable licenses.
- Right to deletion. Clients may request removal of their contributed data from training datasets where technically feasible (right to be forgotten).
6. Ethical AI Commitments
ClearGlass Inc. commits to the following ethical standards in AI development and deployment:
- We will not develop AI systems designed to cause harm to individuals, organizations, or critical infrastructure
- We will conduct bias audits on threat detection and risk scoring models before production deployment
- We will publish AI governance updates annually and maintain this framework as a living document
- We will engage with emerging Canadian AI regulation, including Bill C-27 (AIDA) as it progresses, and adapt practices accordingly
- We will maintain an internal AI ethics review process for all novel AI applications before deployment
7. Prohibited AI Uses
ClearGlass Inc. prohibits the following uses of its AI platforms and services:
- Development or enhancement of offensive cyberweapons or destructive malware
- Mass surveillance of individuals without lawful authority
- Social scoring, political profiling, or discriminatory targeting of protected groups
- Generating disinformation, deepfakes, or synthetic media for deceptive purposes
- Any application that violates Canadian law, international humanitarian law, or human rights standards
Clients who engage ClearGlass for authorized security testing must comply with agreed Rules of Engagement. Use of ClearGlass AI capabilities outside authorized scope is a material breach of the applicable service agreement.
8. Incident Response
If a ClearGlass AI system produces outputs that cause or contribute to a security incident, privacy breach, or significant error affecting a client:
- Notification: ClearGlass will notify the affected client within 72 hours of confirming the AI system contributed to the incident.
- Containment: Affected AI model versions will be quarantined or disabled pending investigation.
- Root Cause Analysis: A technical RCA will be completed within 14 days and shared with the affected client.
- Remediation: Model corrections, retraining, or replacement will be implemented and validated before redeployment.
- Regulatory Reporting: Where required by PIPEDA or other applicable law, ClearGlass will report to the appropriate regulatory authority.
9. Continuous Review
This AI Liability Framework is reviewed and updated at minimum annually, or upon:
- Material changes to Canadian AI regulation (including AIDA and Quebec Law 25)
- Deployment of a new AI platform or major model version
- A significant AI-related incident or near-miss
- Changes to industry standards (NIST AI RMF, ISO/IEC 42001)
Version history and change summaries are maintained internally. Material revisions to client-facing commitments are communicated by posting to this page with an updated effective date.
10. Contact
For questions about our AI governance practices or to report an AI-related concern:
AI GOVERNANCE CONTACT
Desmond Otieno Odhiambo — AI Governance Lead
ClearGlass Inc., Burlington, Ontario, Canada
Email: desmondotieno@icloud.com