Automatticcareers
automattic.com
Detected Vendor Stack
Our Apps for Your Stack
Ticket sidebar app for scanning support replies, security responses, macros, and AI claims.
CRM card and workflow webhook for scanning sales/security claims and customer-facing AI language.
Jira-targeted SecEng program blueprint exporter with native issue types, epics, components, and story templates.
Enterprise Onboarding
SSO / Identity Provider
Authentication features(7 available)TOTP / Authenticator AppPasskeys (WebAuthn)Magic Link / PasswordlessEncrypted Backup Codes+3 more
GitHub Signals
CI security tooling
Codebase
AI repos
AI Attack Surface
agent.automattic.com → 192.0.78.24 (+1)
agents.automattic.com → 192.0.78.25 (+1)
ai.automattic.com → 192.0.78.24 (+1)
api.automattic.com → 192.0.78.24 (+1)
assistant.automattic.com → 192.0.78.24 (+1)
chat.automattic.com → 192.0.78.25 (+1)
chatbot.automattic.com → 192.0.78.24 (+1)
copilot.automattic.com → 192.0.78.24 (+1)
genai.automattic.com → 192.0.78.24 (+1)
gpt.automattic.com → 192.0.78.25 (+1)
inference.automattic.com → 192.0.78.24 (+1)
intelligence.automattic.com → 192.0.78.24 (+1)
lab.automattic.com → 192.0.78.25 (+1)
labs.automattic.com → 192.0.78.25 (+1)
llm.automattic.com → 192.0.78.25 (+1)
ml.automattic.com → 192.0.78.25 (+1)
models.automattic.com → 192.0.78.25 (+1)
platform.automattic.com → 192.0.78.25 (+1)
playground.automattic.com → 192.0.78.24 (+1)
studio.automattic.com → 192.0.78.24 (+1)
Job Posting Intelligence
Trust Scanner
0
Public Surface
0
AI Language
0
Legal Clarity
0
Security Trust
19
Consistency
100
Remediation Opportunity
Trust Scanner · ATG Scorecard
Automatticcareers · public trust surface
Public trust surface scored 3 with 6 positive detectors out of 74 across 2 pages. Higher remediation scores mean more visible work remains.
3
weak
Public Surface
Whether trust, legal, security, AI, methodology, and contact surfaces are discoverable and coherent.
0% signal
AI Language
Whether AI claims are specific, bounded, and tied to engineering evidence rather than generic positioning.
0% signal
Legal Clarity
Whether privacy, terms, contract, data-processing, and customer-facing boundaries are clear enough to review.
0% signal
Security Trust
Whether public trust artifacts explain controls, evidence, limitations, and escalation paths without oversharing.
0% signal
Consistency
Whether public claims, caveats, service language, and trust artifacts agree across the site.
19% signal
Remediation Opportunity
Whether the public surface makes the next improvement work obvious, scoped, and evidence-backed.
100% signal
Public-signal caveat
Based on public website signals and observed artifacts, not proof of any organization's internal security maturity.
Observed artifacts · 5 of 5
Top finding
highMissing Secure SDLC
Describe the lifecycle controls that support secure development.
24 more findings
Missing Vulnerability Disclosure
Publish the disclosure path and safe-harbor terms together.
Missing Security Contact
Expose a clear public security contact or disclosure mailbox.
Missing Incident Response
State how incidents are detected, escalated, and communicated.
Missing Security Whitepaper
Provide a public security whitepaper when the product depends on trust-sensitive claims.
Missing Certifications
Only publish certification claims alongside a public attestation artifact.
Missing Security Overview
Add a concise overview of the security program and where the supporting evidence lives.
Missing Incident Communication
Document how customers are notified and where public incident updates live.
Missing Status Page
Link the status page from the trust surface if it is part of the buyer review path.
Missing Privacy Policy
Clarify what personal data you collect, process, retain, and disclose.
Missing Privacy Center
Create a single public privacy hub that links policy, rights, and preference actions.
Missing Data Subject Request Portal
Expose a public rights-request path for access, deletion, correction, and portability.
Missing Consent Management
Clarify how consent is captured, changed, and withdrawn.
Missing Data Breach Notice
Explain how breach notification works and who is notified.
Missing Data Processing Addendum
Make the DPA request path easy to find for customers and partners.
Missing Subprocessors List
Publish a current subprocessor or vendor list with update cadence.
Missing AI Usage Policy
Explain how AI is used, reviewed, and bounded in public-facing products.
Missing Responsible AI Principles
Publish a short principle set that maps to actual product controls.
Missing Customer Data Training Policy
Clarify whether customer prompts, files, and outputs can train or improve models.
Missing Model Provider Disclosure
State which model or provider services are used and where customer data may flow.
Missing Prompt Logging Policy
Clarify whether prompts, conversations, and outputs are logged or retained.
Missing Model Card or System Card
Publish a model or system card if the site makes substantial AI claims.
Missing AI Evaluation or Safety Report
Provide a public evaluation or safety summary when AI claims are central.
Missing Transparency Report
Publish a public transparency report when the product makes AI capability claims.
Missing Model Limitations
Describe where the model or AI system fails, degrades, or needs human review.
Dimension maturity
Scanned 2026-06-23 · rules vtrust-scanner-rules.v1 · 2 artifacts probed