Security & Trust

Authorized testing only

We are an offensive security company, which means we hold ourselves to a higher standard. Every engagement runs under a signed authorization that defines the targets, the roles in play, and a fixed time window. We test what you approve and nothing else.

We extract, we don’t destroy

Our goal is to prove what a rogue employee could take. We attempt extraction; we never delete, modify, encrypt for ransom, or otherwise damage your data or systems.

Handling the data we touch

• We collect the minimum needed to demonstrate a finding.
• Anything we extract is encrypted in transit and at rest.
• We destroy engagement data on the schedule agreed in your contract.
• Findings are shared only with the people you designate, under NDA.

Aligned to the frameworks

Our findings map to NIST AI RMF, the OWASP LLM Top 10, and EU AI Act obligations, so the evidence we produce fits the language your auditors and regulators already use.

Responsible disclosure

Found a vulnerability in our website or systems? We want to hear from you. Email security@fakerogue.comand we’ll respond promptly.