1. Parties and Effective Date
This Pilot Evaluation Agreement (the "Agreement") is entered into by and between:
Client:
TeNova:
Tenable Nova LLC, a limited liability company organized under the laws of the State of Delaware.
Effective Date:
The pilot engagement shall commence on the date of the kickoff session and shall continue for a period of ten (10) working days from that date (the "Pilot Period"), unless terminated earlier in accordance with Section 11 of this Agreement.
2. Scope of Work
During the Pilot Period, Tenable Nova LLC ("TeNova") shall deliver the following to the Client:
- Dedicated Enclave-tier tenant provisioned on the Axiom Sovereign Engine with 365-day anchor retention.
- SDK integration support for one (1) AI system, using either the Python or TypeScript SDK, with any supported inference provider.
- Three (3) structured working sessions conducted remotely, each approximately sixty (60) minutes in duration:
  - Kickoff Session -- scope alignment, environment provisioning, and integration planning
  - Mid-point Session -- evidence review, procedure coverage assessment, and issue resolution
  - Findings Session -- final posture review, export walkthrough, and conversion discussion
- Auditor portal access with real witness evidence generated from the Client's live inference data.
- Compliance Passport export in both HTML and signed JSON formats.
- OSCAL Assessment Results export validated against NIST oscal-cli.
- Regulatory conformity checklist with framework-specific evidence mapping (EU AI Act, NIST 800-53, CMMC, or other applicable framework as agreed during the kickoff session).
3. Scope Exclusions
The following items are expressly excluded from the scope of this engagement:
- Custom application code, model development, or production feature engineering on behalf of the Client
- On-site visits, travel, or in-person working sessions
- Integration of more than one (1) AI system -- additional systems require a separate engagement or paid subscription
- Production-grade service level agreements (SLAs), uptime guarantees, or 24/7 support
- Drafting of compliance documentation, system security plans, or assessment reports on behalf of the Client
- Submission of regulatory filings, authorization packages, or conformity declarations on behalf of the Client
4. Fees and Payment
The total fee for the pilot engagement described in Section 2 is ten thousand United States dollars ($10,000 USD). TeNova shall issue a single invoice upon execution of this Agreement, payable within thirty (30) calendar days of the invoice date.
The fee becomes non-refundable upon completion of the kickoff session.
5. Success Criteria
The pilot engagement shall be deemed successful upon satisfaction of the following measurable criteria:
- All applicable AI procedures produce verdicts derived from live inference data originating from the Client's AI system.
- The auditor portal displays accurate, real-time witness evidence reflecting the Client's compliance posture.
- At least one (1) export package (Compliance Passport, OSCAL Assessment Results, or EU AI Act conformity checklist) is reviewed and acknowledged by the Client's assessment team.
- The Client's technical team can independently wrap an AI client using the SWT3 SDK and verify resulting witness anchors without assistance from TeNova.
6. Intellectual Property
The Client shall own all compliance evidence, exports, witness anchors, and assessment artifacts generated during the Pilot Period. This includes, without limitation, all Compliance Passport exports, OSCAL Assessment Results, and auditor portal content produced from the Client's data.
TeNova retains all rights, title, and interest in and to the SWT3 Witness Protocol, the Axiom Sovereign Engine, the Unified Compliance Taxonomy (UCT) Registry, the SWT3 SDKs, and all associated intellectual property, including patents pending and issued.
Witness anchors recorded in the shared verification ledger shall be jointly accessible by both parties for the purpose of independent verification. Access to shared ledger records does not constitute a transfer of ownership in the underlying protocol infrastructure.
Neither party acquires any rights in the other party's pre-existing intellectual property by virtue of this Agreement.
The SWT3 protocol specification is published under Apache 2.0 and remains freely available regardless of the status of this Agreement or Tenable Nova LLC. Client's use of the open protocol is not contingent on any commercial relationship with TeNova.
7. Confidentiality
Each party (the "Receiving Party") agrees to hold in confidence all non-public information disclosed by the other party (the "Disclosing Party") in connection with this Agreement ("Confidential Information"). This obligation shall remain in effect for a period of two (2) years from the Effective Date.
Confidential Information includes, without limitation: pilot results and compliance posture data, system architecture and technical implementation details, pricing terms and commercial arrangements, and any information expressly marked as confidential.
The confidentiality obligations set forth herein shall not apply to information that:
- Is or becomes publicly available through no fault of the Receiving Party;
- Was independently developed by the Receiving Party without reference to the Disclosing Party's Confidential Information;
- Is disclosed pursuant to a valid order of a court or governmental authority, provided that the Receiving Party gives the Disclosing Party prompt written notice of such requirement to the extent permitted by law; or
- Was received from a third party without restriction on disclosure and without breach of any obligation of confidentiality.
8. Logo Rights
Upon conversion to a paid subscription tier (Pro, Enclave, or Sovereign), Client grants Tenable Nova LLC a non-exclusive, royalty-free license to use Client's name and logo on TeNova's website and marketing materials to identify Client as a customer. This license remains in effect for the duration of the paid subscription.
Either party may revoke this license with thirty (30) days' written notice, at which point TeNova will remove Client references within thirty (30) days of receiving notice.
9. Data Handling
Data handling during the pilot engagement shall conform to the SWT3 Clearing Protocol as defined in the SWT3 Specification.
At Clearing Level 1 (Standard) and above, raw prompts and model responses never leave the Client's infrastructure. Only cryptographic hashes (SHA-256, truncated to 12 characters) and numeric compliance factors cross the network boundary to the TeNova witness endpoint.
The engagement is compatible with GDPR requirements. No personal data is processed by TeNova beyond the account credentials necessary for tenant provisioning and authentication. All witness data remains within the Client's tenant boundary and is subject to the retention policies of the assigned subscription tier.
Data portability: The Client may export all witness anchors, compliance evidence, and assessment artifacts at any time during and after the engagement via the platform's JSON, CSV, and OSCAL export capabilities. In the event that Tenable Nova LLC ceases operations, the Client's data will be made available for export for a minimum of 90 calendar days prior to service termination, and the open-source SWT3 protocol ensures that all anchors remain independently verifiable without any TeNova infrastructure.
10. Limitation of Liability
Neither party's aggregate liability under this Agreement shall exceed the total fees paid or payable by the Client under this Agreement.
NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, REGARDLESS OF THE FORM OF ACTION OR THE THEORY OF LIABILITY, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
THE SERVICES PROVIDED UNDER THIS AGREEMENT ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
11. Termination
Either party may terminate this Agreement by providing five (5) business days' written notice to the other party.
If termination occurs before the mid-point session, the Client shall receive a pro-rated refund based on the number of working sessions completed relative to the total sessions described in Section 2(c).
If termination occurs after the mid-point session, no refund shall be due.
Upon termination for any reason, the Client shall retain access to all compliance evidence, exports, witness anchors, and assessment artifacts generated during the engagement period. TeNova shall maintain the Client's tenant and associated data for a minimum of thirty (30) calendar days following the termination date to allow for data retrieval.
12. Governing Law
This Agreement shall be governed by and construed in accordance with the laws of the State of __________________, without regard to its conflict of laws principles.
13. Entire Agreement
This Agreement, together with the Pilot Scope Document referenced herein, constitutes the entire agreement between the parties with respect to the subject matter hereof. No amendment or modification of this Agreement shall be effective unless made in writing and signed by authorized representatives of both parties.
14. Signatures
By signing below, each party acknowledges that it has read, understood, and agrees to be bound by the terms and conditions set forth in this Agreement.