On It
Stage: Pre-launchDocumenting interest only — no money is being collected. No securities are being offered.Phase 1 · Arkansas-onlyWhat's real today →

AI Use Policy

Last updated: 7/4/2026

Pre-launch document. This policy describes the AI commitments the cooperative intends to adopt at entity formation. It is the public draft, not a current contract.

The four pledges

  1. No training on member data. The cooperative does not, and is not intended to, sell, license, or otherwise hand member data to any AI model provider for training purposes. Inference (asking a model a question that includes member data on the round-trip) is allowed only for the member's direct benefit, with audit logging.
  2. Disclosed model list. The set of AI providers and model families used on member data is intended to be a published list, updated when it changes. Members can see what touches their data.
  3. Audit log, member-readable. Every AI agent action taken on behalf of a member — sending a message, scheduling a job, initiating a payment, modifying a record — is intended to be logged and visible to that member, with the model used and the prompt scope.
  4. Humans in the loop for irreversible actions. Settlement transfers, bounty payouts, role changes, and any action the cooperative cannot easily undo are intended to require explicit human confirmation, even when initiated by an agent.

Members may use their own agents

Per the Member Data Charter, members are intended to be able to point their own AI agents at their own data via scoped, read-only tokens. The cooperative is not liable for actions taken by third-party agents that a member has authorized.

What members can ask the co-op agent to do (planned)

  • Summarize their own ledger, patronage YTD, and service history.
  • Look up Tech Panel specifications and recommendations.
  • Draft (not send) communications to their Privateer or hub.
  • Explain a settlement calculation using the published Autonomous Actions rules.

What the co-op agent will not do

  • Move money without explicit member confirmation.
  • Change another member's data.
  • Sign legal documents, accept terms, or vote on member matters.
  • Override the human Privateer's authority on a job site.

Industry standards mapping (OWASP Top 10 for LLM Applications)

The cooperative's planned posture is intended to align with the OWASP Top 10 for LLM Applications (2025). This is an alignment statement, not a certification claim.

  • LLM01 Prompt Injection. Human-in-the-loop is intended to be required for irreversible actions; agent tokens are intended to be scoped and revocable.
  • LLM02 Insecure Output Handling. No model output is intended to execute code, move money, or modify member records without explicit human confirmation.
  • LLM03 Training Data Poisoning. No member data is intended to be sent to any provider for training (see pledge 1 above).
  • LLM06 Sensitive Information Disclosure. Member data is intended to remain within the member's own audit scope; aggregated and de-identified operational data is governed by the Member Data Charter.
  • LLM07 Insecure Plugin / Tool Design. When the cooperative ships an agent-callable surface (MCP server or equivalent), it is intended to default to read-only with scoped tokens and per-tool authorization.
  • LLM08 Excessive Agency. The co-op agent is intended to draft, summarize, and look up — never to send communications, sign documents, or vote on member matters autonomously.
  • LLM10 Model Theft. Not applicable — the cooperative does not intend to train or host proprietary models.

Indirect prompt injection

Indirect prompt injection is the 2025-era attack class where malicious instructions hide inside content a model later reads — a scraped page, an inbound email, a third-party dataset — and hijack the agent's behavior without the user typing anything malicious.

What the cooperative intends to do about it: default agent tokens to read-only; require human confirmation on any irreversible action; prevent agents from elevating their own scope; and keep tool outputs in a sandboxed context before they re-enter the model's prompt.

What the cooperative cannot guarantee: the behavior of a third-party agent that a member chooses to point at their own data. Per the Member Data Charter, members who connect their own agents are responsible for that agent's behavior and any actions it takes on their behalf.

Provider posture

The cooperative intends to prefer providers that contractually commit to no-training on API-submitted data and that publish their data-handling, regional inference, and retention policies. Where regional inference is available, it is intended to be preferred to keep member data closer to the member.

Related

Questions

leads@onitrobotics.com