Last updated: May 26, 2026
Kyora IQ Nemesis is provided strictly for authorized security research, education, and testing of AI systems you own or have explicit written permission to assess. By using this tool, you confirm you hold that authorization. The operators store no credentials, scan results, IP addresses, or personally identifiable information and accept no liability for unauthorized, unlawful, or malicious use. All attack requests are executed using your own API credentials directly from your browser against your designated endpoint only. Use against systems without authorization may violate the Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, GDPR, and equivalent laws in your jurisdiction. You are solely and entirely responsible for ensuring lawful use.
Kyora IQ Nemesis stores nothing. Your API key is held in browser memory only for the duration of your scan. Scan results, prompts, and model responses are rendered in your browser and never transmitted to Kyora IQ servers. No personally identifiable information, IP addresses, or usage data is collected. Closing your browser tab immediately and permanently discards all credentials and results.
To prevent use against systems you do not own, Kyora IQ Nemesis permits API calls only to official provider endpoints (api.openai.com, api.anthropic.com). Custom endpoints are technically accepted but must be entered explicitly by the user and remain the user's sole responsibility. Arbitrary URL inputs that do not match known provider domains are blocked at the application level.
Unauthorized computer access may violate: the Computer Fraud and Abuse Act (CFAA) in the United States; the Computer Misuse Act 1990 in the United Kingdom; the General Data Protection Regulation (GDPR) in the European Union; and equivalent legislation in other jurisdictions. You are solely responsible for ensuring that your use of this tool complies with all applicable laws.
If you discover a genuine security vulnerability in a third-party AI system while using Kyora IQ Nemesis, follow the vendor's published responsible disclosure policy. Do not exploit the vulnerability. Do not publicly disclose details before the vendor has had a reasonable opportunity to remediate. Most major AI providers maintain a security disclosure program — check the vendor's security page or HackerOne profile.
If you believe this tool is being used to harm or test systems without authorization, please contact Kyora IQ through our GitHub repository. We take responsible use seriously and will cooperate with legitimate law enforcement inquiries.