Supplemental Terms of Service for Mend AI-Powered Features
Last Updated: March 2025
These Supplemental Terms of Service (the “Supplemental Terms”) shall govern your use of Mend AI-powered products and features made available to you by us in connection with our Services as listed below (“Mend AI-Powered Features”) and shall be added as a supplement to the legal terms governing your subscription to the Mend services (the “General Terms”). By opting in to using one or more of the Mend AI-Powered Features, you agree to be bound by these Supplemental Terms.
Capitalized terms not defined herein have the meaning given to them in the General Terms. For the avoidance of doubt, any reference to the Mend services under the General Terms (whether such term is defined as the “Platform”, the “Services” or otherwise) shall be construed to include the Mend AI-Powered Features for all intents and purposes, unless these Supplemental Terms conflict with the provisions of the General Terms, in which case, these Supplemental Terms shall govern.
By opting in to any of the Mend AI-Powered Features, you expressly acknowledge and agree to the usage of generative AI products by Mend as set forth herein, including those of Third Party LLM Provider(s). If you are using any of the Mend AI-Powered Features on behalf of a company or other legal entity, you hereby warrant and represent that you have authority to opt in to the usage of a generative AI product, and to bind such entity to these Supplemental Terms, in which case, the terms “you” or “your” shall refer to such entity. If you do not agree to these Supplemental Terms or you do not have authority to opt in to using the Mend AI-Powered Features or to enter into these Supplemental Terms, you must not opt in and accept these Supplemental Terms and may not use the Mend AI-Powered Features.
Please note that you may opt out of the Mend AI-Powered Features at any time during your subscription. Please contact your Mend contact person whenever you wish to opt out.
1. The Mend AI-Powered Features
Mend provides several generative AI-based features, powered by external large language models (LLM) provided by third party companies (the “Third Party LLM Provider(s)”) hosted by such Third Party LLM Providers or self-hosted by Mend. Additionally, Mend uses Mend’s proprietary machine learning technology. These features are designed to improve the detection, prioritization, and/or remediation of security findings including within your custom code, third party components, and other licensing risks. In addition, Mend AI Premium simulates adversarial dynamic attacks against your Tested Applications (as defined below).
2. Updates to Supplemental Terms
We may amend these Supplemental Terms at any time by posting an updated version on our website. Renewals, new subscriptions and upsells to include Mend AI-Powered Features will be subject to the most recent version. Any newly introduced features or services not previously included in your subscription will be governed by new or revised terms of service presented at the time of their release.
3. Intellectual Property
You acknowledge that, as between the parties, the Mend AI-Powered Features and their underlying technology, including any improvements or modifications thereof, are the intellectual property of Mend.
As between the parties, you retain ownership of all data, software, applications, or other information provided by you to Mend through the Mend AI-Powered Features, including (but not limited to) application files (source or byte code), and code snippets (“Customer Data”). You are responsible for ensuring that the Customer Data does not infringe third-party rights and does not contain material that may be offensive or violate applicable laws. You are responsible for the accuracy, quality, and legality of the Customer Data and the means by which it is acquired, transmitted, and stored by or on your behalf in connection with or relating to your use of the Mend AI-Powered Features.
As between the parties, you will have full ownership of the output and data points generated by any of the Mend AI-Powered Features, including, without limitation, remediation recommendations, and, in case Mend AI Premium is included, also Test Results (except the underlying technology, template forms and designs of the Test Results) and code snippets provided to you through the Mend AI-Powered Features (“Output and Generated Data”). Subject to the terms of these Supplemental Terms, Mend hereby assigns to you all right, title and interest, if any, in and to the Output and Generated Data, and all intellectual property rights associated with or embodied therein (if and to the extent that any such rights exist under applicable law). Given the nature of the Mend AI-Powered Features and their underlying artificial intelligence technology, the Output and Generated Data provided to you may not be exclusive or unique, and it is possible that other Mend customers might generate outputs that are similar or identical to those generated for you. In such circumstances, the rights granted herein do not extend to any Output and Generated Data generated for other Mend customers.
All rights not expressly granted to you under these Supplemental Terms are reserved by Mend.
To enable your use of the Mend AI-Powered Features, we may need to share the Customer Data or part thereof with the Third Party LLM Providers or use our own generative AI product, powered by large language models, as necessary to provide the service. You agree that your Customer Data will be processed by the Third Party LLM Providers and/or by our own generative AI product, powered by large language models. Mend will exert commercially reasonable effort to choose Third Party LLM Providers that commit to use your Customer Data solely for the purpose of enabling you to use the Mend AI-Powered Features. For this purpose, we require, and you hereby grant us, a worldwide, non-exclusive, royalty-free license to share your Customer Data with such Third Party LLM Providers and use our own generative AI product, powered by large language models. This license shall remain in effect for as long as you have access to the Mend AI-Powered Features.
4. Performance of Tests on Customer’s AI Applications (Part of Mend AI Premium)
As part of your use of Mend AI Premium, we actively probe one or more of your conversational Generative AI systems (each, a “Tested Application”) to detect vulnerabilities, by simulating the tactics of potential attackers (the “Tests”) and generate test results containing the Test’s findings (“Test Results”).
Each probe applies different variations and strategies depending on the target’s industry, company, and goals, in order to maximize the security and safety assessment. For these reasons, we retain discretion over the performance of the Tests, their security testing methodologies, what set of Tests to run, how they are used on your Tested Applications, etc. Due to the nature of the Tests, we make no guarantee that all Tests will run on your Tested Applications, that all vulnerabilities will be tested, or that all vulnerabilities will be discovered.
You grant us permission to access your Tested Applications for the purpose set forth hereunder.
We recommend using Mend AI Premium in a non-production environment. You acknowledge and understand that performing the Tests in a live production environment with your data may carry inherent risks and inadvertently expose us to your users’, personnel’s, or other individuals’ real personal or sensitive data of whatever sort you process in connection with such individuals, or high-risk data, such as data that, if compromised, could result in significant harm to you or such data subjects (collectively, “Personal Data”), and, to the maximum extent permitted by applicable law, we expressly disclaim any liability in connection therewith. Mend AI Premium is not intended to process any such Personal Data. If such Personal Data inherently resides in your Customer Data, it is your sole responsibility to ensure that any applicable data protection obligations are met, and you further declare that you have every necessary right, consent and authorization to allow us to access such Personal Data solely for the purposes set forth hereunder. In the event sensitive information or high-risk data resides in your Customer Data, you will notify us as soon as you become aware and we will delete such Personal Data if included in the Test Results as soon as possible (the earlier of: following completion of the Test Results and your first written request). We disclaim any liability for claims, losses, damages, or liabilities arising out of or related to our access to Personal Data residing in your Tested Applications as part of the performance of the Tests, and you shall fully defend, indemnify, and hold us harmless from and against any third party claims arising out of or related to any such access by us in connection with the provision of the Mend AI Premium services to you pursuant to these Supplemental Terms.
We may, at our sole discretion, decide to shorten the retention period for any Personal Data we are exposed to during the Tests. We may also delete, anonymize, or pseudonymize such Personal Data, either before or after we share the Test Results with you.
5. Human Oversight
5.1. The Mend AI-Powered Features, like many other AI tools, may have inherent limitations and may not always accurately capture the complexities of every unique Customer Data. You should remain vigilant and apply your domain knowledge to supplement the AI-generated Output and Generated Data.
5.2. For Mend AI-Powered Code Remediation: While Mend AI-Powered Code Remediation provides automated remediation suggestions and code snippets, you are required to exercise human judgment and expertise in reviewing and implementing these suggestions. THE OUTPUTS MAY NOT BE ACCURATE, RELEVANT, OR MAY NOT RESOLVE THE ISSUE AND COULD POTENTIALLY DISRUPT YOUR ENVIRONMENT OR CAUSE DAMAGE TO YOUR CODEBASE OR SYSTEMS.
YOU ACKNOWLEDGE AND AGREE THAT YOU ARE RESPONSIBLE FOR REVIEWING ALL OUTPUTS FOR ACCURACY, RELEVANCE, AND COMPLETENESS, ENSURING THAT IMPLEMENTATION OF OUTPUTS DOES NOT INTRODUCE NEW VULNERABILITIES, AND FOR TAKING APPROPRIATE PRECAUTIONS TO MITIGATE POTENTIAL RISKS, INCLUDING CREATING BACKUPS.
6. Information about your Data
Per the Third Party LLM Providers’ contractual commitment to Mend, your Customer Data shared with Mend AI-Powered Features will not be used to train any generative AI model, including those of the Third Party LLM Providers.
We are committed to safeguarding the privacy and security of your Data. As part of our dedication to ethical and responsible practices, we have established a clear policy regarding the use of generative AI technology within our operations.
We note that your Data as processed in connection with these Mend AI-Powered Features may be hosted at our third-party data hosting facilities within Microsoft Azure. This applies even if your other Customer Data is stored in our data environment hosted on AWS. By using the Mend AI-Powered Features, you acknowledge and consent to your data being processed and stored in Azure for these specific purposes.
7. Acceptable Use
By accepting these Supplemental Terms, you hereby agree to use the Mend AI-Powered Features only in accordance with Mend’s Acceptable Use Policy available at https://www.mend.io/acceptable-use-policy/.
8. High-Risk and Prohibited Use
8.1. THE MEND AI-POWERED FEATURES ARE NOT DESIGNED OR TESTED FOR USE IN HAZARDOUS ENVIRONMENTS OR ANY OTHER ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, INCLUDING IN THE OPERATION OF ANY USE WHICH IS LISTED UNDER TITLE II OF THE EU AI ACT AND/OR DEFINED AS HIGH-RISK USE UNDER SUCH REGULATION OR ANY EQUIVALENT LAW OR REGULATION IN ANY OTHER JURISDICTION. YOU HEREBY COMMIT NOT TO USE ANY OF THE OUTPUT IN ANY SUCH ENVIRONMENT AND/OR MAKE ANY SUCH USE OF THE MEND AI-POWERED FEATURES.
8.2. You will not use the Mend AI-Powered Features to generate Outputs for the express purpose of creating synthetic training data to develop or train AI models or systems that have substantially similar functionality to a general-purpose AI model service or the Mend AI-Powered Features. The restrictions in this section do not prevent generating Outputs for use as an input to dynamic AI models or systems.