New AI Security Charter Backed by Over 70 Cyber Firms
New AI Security Charter Backed by Over 70 Cyber Firms
https://www.infosecurity-magazine.com/news/crest-ai-security-charter-cyber/
Publish Date: 2026-07-09 05:30:00
Source Domain: www.infosecurity-magazine.com
Over 70 cybersecurity organizations have signed a new charter, vowing a responsible use of AI for cybersecurity purposes.
The AI Charter, launched by cyber industry body CREST on July 9, is built around nine principles for AI-enabled cybersecurity activities that were initially revealed in March:
- Accountability and governance
- Transparency of use
- Documentation and auditability
- Boundaries and control
- Data handling, sovereignty and client control
- Security and confidentiality
- Secure development of AI tooling
- Supply chain assurance
- Resilience and business continuity
CREST’s Principles for AI-Enabled Cybersecurity
First, the signatories made a commitment to accountability, governance and transparency. Under these foundational principles, signatory firms must clearly define the scope and purpose of all AI-enabled activities while rigorously assessing how they affect service delivery, client outcomes, data handling and operational risks. Governance and testing controls must remain proportional to the scale of AI deployment.
Furthermore, firms pledge to maintain absolute transparency, informing clients whenever AI is used in their tools or methodologies and clearly explain the associated benefits, limitations and risks.
To maintain trust and operational integrity, the charter emphasizes documentation, auditability, human oversight and strict data sovereignty. Signatories commit to keeping traceable, reviewable records of their AI utilization, alongside validation and quality assurance processes, to ensure compliance audits are fully supported.
While AI tools may operate with various levels of autonomy, the charter mandates that qualified personnel must maintain final oversight, retaining the power to intervene, review outputs and challenge decisions.
Additionally, data handling is strictly governed: firms must clearly disclose whether client data will be used to train models or be transferred across jurisdictions, ensuring all data usage aligns…