Brian Sims
Editor
Brian Sims
Editor
CREST, THE international not-for-profit body representing the global cyber security industry, has launched the CREST AI Charter and CREST AI Principles. A global cohort of more than 60 founding signatory cyber security organisations – representing upwards of 10% of CREST’s members – have already publicly committed to supporting the responsible use of Artificial Intelligence (AI) across cyber security services.
The CREST AI Charter has been developed in response to growing demand from industry, Government and buyers for greater confidence in these emerging capabilities. As AI becomes increasingly embedded in cyber security activities, organisations increasingly need assurances that it’s being used responsibly, transparently and with appropriate human oversight.
In penetration testing, for example, 47% of organisations are already using AI for reporting and 44% for vulnerability scanning and enumeration. This is part of a broader cyber security service delivery trend where 76% of providers have increased their AI use over the past year and 69% are now using AI in daily service delivery and workflows.
Nick Benson, CEO at CREST, said: “Since the advent of AI, the cyber security industry has faced a turbulent mix of immediate threats and a rapidly shifting landscape, while bracing for future disruptions to its workforce and stability. The support of our founding signatory organisations reflects industry recognition that responsible AI adoption requires more than technology alone. It requires shared expectations, professional standards and practical approaches to assurance.”
Trust and accountability
Given that cyber security providers are often granted privileged access to sensitive systems, networks and data, the responsible use of AI is critical when it comes to maintaining trust, accountability and reducing risk.
Drawing on its global membership and technical Working Groups, CREST created the AI Charter to establish clear expectations for responsible AI adoption across the industry. The Charter reflects both the practical experience of CREST’s community and wider international thinking – such as that outlined in the Government Office for Science’s AI 2030 scenarios – reinforcing the importance of building trusted governance today.
Sebastian Madden, chief product officer at CREST, observed: “AI presents significant opportunities for the cyber security profession. It has the potential to improve efficiency, accelerate analysis, strengthen defensive capabilities and help organisations respond more effectively to emerging threats. At the same time, we must urgently address the practical challenges of governing, securing and validating these capabilities.”
The founding signatories are headquartered in 17 countries across Europe, North America, the Middle East and the Asia-Pacific region. These organisations collectively deliver the full suite of cyber security services, including threat-led penetration testing, vulnerability assessment, incident response, threat intelligence, security operations, application security testing and mobile application security testing.
AI Principles
The AI Charter is underpinned by the nine CREST AI Principles. These principles provide practical guidance covering accountability and governance, transparency of use, documentation and assurance, boundaries and control, data, sovereignty and client control, security and confidentiality, secure development of AI tooling, supply chain assurance and resilience and business continuity.
Founding signatories are helping to launch and champion the CREST AI Charter, duly demonstrating an early commitment to responsible AI in cyber security. Alongside the Charter, CREST is developing standards covering AI security and the use of AI for cyber security services, convening collaborative Working Groups, publishing independent research and hosting industry events to support trusted AI adoption worldwide.
*Further information is available online at www.crest-approved.org/ai-charter/
Western Business Media Limited
Dorset House
64 High Street
East Grinstead
RH19 3DE
UNITED KINGDOM