AI Disclosure

1. How We Use AI

Intarmour may use artificial intelligence tools to assist with research, analysis, and content creation as part of our advisory practice. AI is employed as a supplementary capability — not a substitute for professional judgement.

All advisory deliverables, assessments, and recommendations produced by Intarmour are reviewed, validated, and approved by qualified human experts before being shared with clients. No advisory output is generated or delivered to clients through fully automated processes without human oversight and professional review.

2. AI in Advisory Services

AI tools may be used to support the following activities within our advisory engagements:

Threat Intelligence Analysis: AI may assist in processing and correlating threat intelligence data, identifying patterns across large datasets, and synthesising research from multiple sources to inform advisory recommendations.

Regulatory Compliance Research: AI tools may be used to accelerate the analysis of regulatory frameworks, cross-reference compliance requirements across jurisdictions, and identify relevant regulatory developments that may affect our clients.

Vulnerability Assessment Support: AI may support the identification and classification of technical vulnerabilities during due diligence and security assessments, helping to prioritise findings by severity and business impact.

In all cases, final recommendations, risk assessments, and strategic advice are formulated and delivered by qualified human advisors with relevant domain expertise. AI does not make advisory decisions on behalf of Intarmour or our clients.

3. Data Privacy & AI

Client confidentiality is paramount. We maintain strict controls over how data interacts with AI systems:

No training on client data: Client data is never used to train, fine-tune, or improve AI models — whether operated by Intarmour or by third-party providers. This prohibition is absolute and applies to all categories of client information.

Confidential information handling: All confidential client information is processed in strict accordance with our Privacy Policy and the terms of applicable non-disclosure agreements. Where AI tools are used in connection with client engagements, data handling protocols ensure that confidential information is not exposed to, retained by, or accessible to AI service providers beyond the scope of the specific processing task.

Data minimisation: When AI tools are employed, we apply the principle of data minimisation, providing only the information strictly necessary for the specific analytical task. Personally identifiable information and commercially sensitive data are anonymised or excluded wherever possible.

4. Content Generation

Some educational and informational content published on this website — including articles, guides, and resource materials — may be AI-assisted in its creation. This includes research synthesis, drafting support, and structural organisation of complex topics.

All published content is reviewed for accuracy, completeness, and relevance by cybersecurity professionals with direct expertise in the subject matter. Intarmour takes editorial responsibility for all content published under its name, regardless of whether AI tools were used in the drafting process.

5. Third-Party AI Services

When third-party AI services are used in connection with our operations or advisory work, they are selected and evaluated based on the following criteria:

EU data sovereignty: Preference is given to AI services that process data within the European Economic Area (EEA) and are operated by entities subject to European jurisdiction. We evaluate the data residency, processing locations, and corporate governance of AI service providers.

GDPR compliance: All third-party AI services used in connection with personal data processing are assessed for compliance with the General Data Protection Regulation. Data processing agreements are established in accordance with Article 28 of the GDPR where applicable.

Security standards: AI service providers are evaluated against information security standards consistent with ISO/IEC 27001 and our internal vendor risk management framework. This includes assessment of encryption practices, access controls, data retention policies, and incident response capabilities.

6. Your Rights

Clients engaged with Intarmour have the right to request information about AI usage in their specific engagement. This includes:

Whether AI tools were used in the preparation of deliverables or the conduct of assessments; what categories of AI tools were employed and for what purposes; what data protection safeguards were applied in connection with AI usage; and whether any client data was processed by third-party AI services.

We will respond to such requests transparently and in a timely manner. Clients may also request that AI tools not be used in connection with their engagement, and we will accommodate such requests where operationally feasible.

7. Contact

Questions about our AI practices, this disclosure, or the use of AI in a specific engagement can be directed to:

Intarmour di Simone Nogara
Via Morazzone 4, 22100 Como, Italia
P.IVA: IT03817020138
Email: advisory@intarmour.com
Privacy enquiries: privacy@intarmour.com

This disclosure is reviewed periodically and updated to reflect changes in our AI practices, the regulatory landscape, and evolving best practices in responsible AI governance. Material changes will be indicated by updating the effective date above.