
We sell offensive capability. We refuse to misuse it.
Global Rail Cyber Security is built around a hard refusal: the engine does not touch a target it has not been authorized to touch. The controls below are enforced in the operator console, in the database, and in the run-time itself.
Each engagement carries an allowlist of repositories, contract addresses, or hostnames. The engine refuses to compile, fetch, or exploit anything outside the allowlist — the check sits at the database layer, not in application code.
Runs only execute against targets backed by a signed authorization document. Operators see the linked document in the console for every active engagement; expired or missing authorization blocks the run before it starts.
Web2 / AI exploit sweeps run inside sandboxed staging environments — your range, your isolation. Production probing only happens when you explicitly opt in and the authorization document names that target.
Each tenant is isolated by row-level security. Service-role access is reserved for the verified ingestion path and admin maintenance — never for ordinary reads.
Every run, finding, AI co-pilot call, and submission is logged with operator identity and timestamp. You can reconstruct exactly what the engine did, against which target, and on whose authorization.
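One way the database-layer controls described above (allowlist, authorization expiry, tenant isolation) can be expressed in PostgreSQL. This is an added illustration, not Global Rail Cyber Security's own schema: every table, column, function and policy name, and the `app.tenant_id` session setting, is an assumption.

```sql
-- Constructed schema (assumption), PostgreSQL 11+.
CREATE TABLE engagement (
    id           bigint PRIMARY KEY,
    tenant_id    uuid NOT NULL,
    auth_doc_ref text,          -- signed authorization document; NULL = missing
    auth_expires timestamptz
);
CREATE TABLE allowlist_entry (
    engagement_id bigint NOT NULL REFERENCES engagement(id),
    target        text NOT NULL,   -- repository, contract address, or hostname
    PRIMARY KEY (engagement_id, target)
);
CREATE TABLE run (
    id            bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id     uuid NOT NULL,
    engagement_id bigint NOT NULL,
    target        text NOT NULL,
    operator      text NOT NULL DEFAULT current_user,
    started_at    timestamptz NOT NULL DEFAULT now(),
    -- Allowlist check: a run row cannot exist for a target that is not listed.
    FOREIGN KEY (engagement_id, target)
        REFERENCES allowlist_entry (engagement_id, target)
);

-- Block the run when authorization is missing, expired, or another tenant's.
CREATE FUNCTION require_live_authorization() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    IF NOT EXISTS (
        SELECT 1 FROM engagement e
        WHERE e.id = NEW.engagement_id
          AND e.tenant_id = NEW.tenant_id
          AND e.auth_doc_ref IS NOT NULL
          AND e.auth_expires > now()   -- NULL expiry also fails this test
    ) THEN
        RAISE EXCEPTION 'run blocked: no valid authorization for engagement %', NEW.engagement_id;
    END IF;
    RETURN NEW;
END $$;
CREATE TRIGGER run_requires_authorization BEFORE INSERT ON run
    FOR EACH ROW EXECUTE FUNCTION require_live_authorization();

-- Tenant isolation: a session reads and writes only its own tenant's rows.
ALTER TABLE run ENABLE ROW LEVEL SECURITY;
ALTER TABLE run FORCE ROW LEVEL SECURITY;   -- apply the policy to the table owner too
CREATE POLICY run_tenant_isolation ON run
    USING (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);
```

Superusers and roles with the `BYPASSRLS` attribute are not subject to the policy, so any such role needs to stay confined to the ingestion and maintenance paths.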
We don't scan opportunistically. We don't probe targets that aren't on a customer allowlist. We don't sell raw alerts as 'findings'. If we can't prove it, we drop it.
We're happy to share both ahead of any engagement.
