Authorized Use Policy

Why we verify every buyer

OMNI is a serious offensive security platform. We sell exclusively to legitimate red teams, penetration testers, MSSPs, and security researchers — and we have a verification process to keep it that way.

Our verification commitment

Selling offensive security tools to the wrong people creates real-world harm. We refuse to be part of that. Every OMNI license requires verification of legitimate purpose — and we reject orders that don't pass.

This protects three things: our existing customers (whose tradecraft we don't want commodified by criminals), the broader security community (who trust that commercial offensive tools have a reputable distribution chain), and our company (legally and ethically).

The 4-step verification process

01

Order placed

You complete the signup or contact form. License is provisioned in pending state — no platform access yet.

02

Identity check

We verify business email domain, request a brief description of intended use, and check public LinkedIn / company profile.

03

Authorization confirmation

You confirm in writing (signed terms) that all use will be against assets you have explicit written permission to test.

04

License activated

HWD ID is bound, platform access enabled. Full refund available if rejected at any step. Typical turnaround: 1 business day.

Who qualifies

  • Penetration testing firms with active client contracts
  • In-house red teams at enterprises (Fortune 500 + mid-market)
  • MSSPs offering offensive security services to clients
  • Security researchers with verifiable disclosure history
  • Government / defense contractors with appropriate clearances
  • Bug bounty hunters with established platform reputation
  • Independent practitioners with verifiable offensive security certifications (OSCP, OSEP, OSED, CRTO, CRTP, GPEN, GXPN, etc.)
  • Independent researchers with assigned CVEs or published vulnerability disclosures (verifiable via NVD or vendor advisories)
  • Academic security research with institutional affiliation

Who we reject (no exceptions)

  • Anonymous individuals with no verifiable security background
  • Organizations under active OFAC sanctions or in restricted jurisdictions
  • Any buyer suggesting use against systems they don't own or aren't contracted to test
  • Resellers without a signed reseller agreement
  • Buyers who decline to provide intended-use information

Ongoing compliance

Verification doesn't end at purchase. We monitor for:

· Anomalous usage patterns suggesting unauthorized targeting (e.g., agents in unexpected geographies, rapid mass deployment)
· Public disclosure of OMNI use in unauthorized contexts (we monitor security news and abuse reports)
· License sharing across organizations — each HWD ID is bound to one organization

Confirmed misuse results in immediate license termination without refund, and where appropriate, reporting to law enforcement.

Reporting suspected misuse

If you believe OMNI is being used in an unauthorized context, please email abuse@omni-c2.io. Reports are reviewed within 2 hours and we will take action within one business day.

Ready to start the verification?

Most legitimate red teams clear verification within one business day. We respond fast.

Contact sales to begin