60 minutes · 3 sub-sections: Authorization & Scope Law · Disclosure & Evidence · Harness-Specific Risks
Non-optional. You are building attack tools. The law defines what that means.
Pillar 0 — Security Harness Foundations
Course 1 assumed a cooperative target. Every assumption breaks when the target is an adversary and your harness is the weapon.
But before the technical inversion — there is a more fundamental one.
The difference between a bug bounty payout and a federal indictment is not the tool. It is the authorization.
| Course 1 assumption | Course 2A reality |
|---|---|
| Target environment is cooperative | Target is adversarial by design |
| Tool outputs are trusted | Tool outputs may contain injected payloads |
| Loop runs until task complete | Loop runs until evidence threshold met or scope exhausted |
| Verification = did it work? | Verification = can I prove it to a client, program, or court? |
| Sandbox contains the agent | Agent reaches out through the sandbox to attack a target |
This module is about the last row's legal dimension — everything else flows through S01 onward.
S00.1 — Authorization & Scope Law. The statutes, the cases, the authorization chain, the bug bounty contract.
S00.2 — Responsible Disclosure & Evidence Obligations. What you owe the vendor, what evidence you must keep, what you must destroy.
S00.3 — Harness-Specific Legal Risks. Where autonomy creates exposure a human tester never had — and the control for each.
The three jurisdictional frameworks a cross-border harness implicates.
593 U.S. 374. The Supreme Court adopted the "gates-down" interpretation of "exceeds authorized access."
"Exceeds authorized access" means accessing a file, folder, or database you are not authorized to access at all — not accessing an authorized area for an improper purpose.
What it did: narrowed the CFAA; helped researchers accused of misusing authorized access.
What it did not: create a general good-faith defense, or touch the threshold question of authorization itself. Out-of-scope access remains unprotected.
For a harness: authorization is binary at the gate. The scope file permits the target, or the call is a potential § 1030(a)(2) violation. The decision moved the fence; it did not remove it.
Authorization is not a document. It is a chain — a sequence of permissions, each linking to the next.
A break anywhere voids downstream cover. Three breaks: sponsor≠owner · action outside RoE · stale scope.
The scope file must carry valid_until and be re-verified each session.
Program policy = reciprocal obligations. Authorization + safe harbor in exchange for RoE compliance. Breach the RoE → potentially breach the contract → lose the safe harbor.
| Clause | What it actually means |
|---|---|
| Scope | Exhaustive in-scope list (HackerOne / Bugcrowd / Disclose.io standard). Not "*.example.com." |
| Exclusions | Override apparent in-scope matches. Check after matching, not before. |
| Rules of Engagement | Behavioral: minimum testing, no DoS, no exfil, no social-eng. Distinct from the target list. |
| Safe Harbor | Conditional. Covers in-scope + RoE-compliant only. Does not bind third parties. |
| Disclosure | CVD baseline. Bounty eligibility often tied to CVD adherence. |
Coordinated Vulnerability Disclosure (CVD) is the baseline norm.
CERT/CC default ~45 days. Google Project Zero ~90 days. Program policy overrides the default.
A finding without evidence is an opinion. A finding with a reproducible chain is a deliverable — and a legal record.
| Field | Why |
|---|---|
| Timestamp (UTC) | Establishes when — for authorization-window disputes |
| Session / trace ID | Correlates finding to the scope file in force |
| Exact request + response | Reproducibility — vendor must replay it |
| Tool + version | Tool-specific false positives are real |
| CVSS (draft) | Severity triage — automate as draft only |
| Reproduction steps | Vendor QA must reproduce without you |
| Scope reference | The legal anchor — ties finding to authorization |
For a SQLi: "I can read the users table" is the finding. SELECT COUNT(*) FROM users is the proof. SELECT * FROM users is a breach you just committed.
An evidence logger that writes forever and never destroys is building a compliance time bomb, not an evidence chain.
Four risks unique to autonomous security harnesses. Each maps to a control that must exist before you point the harness at anything other than an isolated lab.
| Risk | Statute | Control |
|---|---|---|
| 1. DoS-by-scanner | CFAA § 1030(a)(5); CMA s.3 | Rate-limit + distress-detection middleware |
| 2. Out-of-scope calls | § 1030(a)(2); CMA s.1 | Scope enforcement in code (not the prompt) |
| 3. Evidence retention | GDPR; breach laws | Per-class retention + documented destruction |
| 4. Agentic escalation | All of the above | Bounded autonomy + scope enforcement + kill switch |
Operational heuristics that reduce risk sharply:
-t 10, not -t 500The rate-limit middleware is a § 1030(a)(5) mitigation, not a performance optimization.
Controls that flow from accepting this:
| Anti-pattern | The cure |
|---|---|
| Scope in the system prompt | Scope enforcement middleware (S01.2) |
| Full database dump as proof | Minimum-proof discipline; classify Restricted; destroy |
| Unbounded evidence store | Per-class retention + automated destruction |
| High-concurrency scan vs production | Rate-limit + distress middleware from the RoE |
| "The model did it" | Bounded autonomy + scope in code + approval gates |
The scope file is the input. The JSON you produce in the S00 lab — authorized targets, rules of engagement, exclusions, valid_until — is exactly what S01's scope enforcement middleware loads and checks on every outbound call.
The legal layer becomes the engineering layer. Authorization is binary at the gate. Scope is a hard-wired control. Evidence is an append-only, scope-referenced log. Retention is enforced, not documented.
Next: S01 — Security Harness Architecture. The offensive state machine. Scope enforcement built. Adversarial tool outputs defended.