Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Chinese-Funded Interpol Cybercrime Crackdown Leads to 5,800 Arrests

July 9, 2026

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

July 9, 2026

75% CISOs Fear Executives Don’t Understand Cybersecurity Risks

July 9, 2026
Facebook X (Twitter) Instagram
Friday, July 10
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»New AI Security Charter Backed by Over 70 Cyber Firms
News

New AI Security Charter Backed by Over 70 Cyber Firms

Team-CWDBy Team-CWDJuly 9, 2026No Comments4 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Over 70 cybersecurity organizations have signed a new charter, vowing a responsible use of AI for cybersecurity purposes.

The AI Charter, launched by cyber industry body CREST on July 9, is built around nine principles for AI-enabled cybersecurity activities that were initially revealed in March:

  • Accountability and governance
  • Transparency of use
  • Documentation and auditability
  • Boundaries and control
  • Data handling, sovereignty and client control
  • Security and confidentiality
  • Secure development of AI tooling
  • Supply chain assurance
  • Resilience and business continuity

CREST’s Principles for AI-Enabled Cybersecurity

First, the signatories made a commitment to accountability, governance and transparency. Under these foundational principles, signatory firms must clearly define the scope and purpose of all AI-enabled activities while rigorously assessing how they affect service delivery, client outcomes, data handling and operational risks. Governance and testing controls must remain proportional to the scale of AI deployment.

Furthermore, firms pledge to maintain absolute transparency, informing clients whenever AI is used in their tools or methodologies and clearly explain the associated benefits, limitations and risks.

To maintain trust and operational integrity, the charter emphasizes documentation, auditability, human oversight and strict data sovereignty. Signatories commit to keeping traceable, reviewable records of their AI utilization, alongside validation and quality assurance processes, to ensure compliance audits are fully supported.

While AI tools may operate with various levels of autonomy, the charter mandates that qualified personnel must maintain final oversight, retaining the power to intervene, review outputs and challenge decisions.

Additionally, data handling is strictly governed: firms must clearly disclose whether client data will be used to train models or be transferred across jurisdictions, ensuring all data usage aligns perfectly with agreed legal, regulatory and contractual commitments.

The remaining pillars of the charter focus on securing the technology itself and building long-term operational resilience. Firms are required to safeguard client prompts, outputs, and AI-generated assets through robust security and confidentiality controls, while adhering to secure development and integration practices throughout the entire lifecycle of their AI tools.

This security mindset extends to the supply chain, requiring signatories to identify and manage the risks of any third-party AI dependencies.

Finally, to ensure business continuity, firms must proactively plan for potential AI failures, establish practical fallback arrangements and remain completely transparent with clients regarding how system disruptions could impact service levels and recovery expectations.

Over 70 Signatories to the CREST AI Charter

To develop these principles, CREST reviewed existing frameworks on AI use for cybersecurity purposes, with contributions from its members, feedback from industry leaders during the CRESTCon Leaders Days and other events and validation from the organization’s technical committee.

A key deciding factor for the selected principles was defining “what sets AI-driven cyber services apart from traditional ones,” a CREST spokesperson told Infosecurity.

To further back the launch, CREST said it recently found that 69% of cybersecurity providers are now using AI in daily service delivery and 76% say that use has grown in the past year.

The 73 founding signatories of the CREST AI Charter represent 10% of the body’s members, spanning Europe, North America, the Middle East and Asia-Pacific.

They include firms across many cybersecurity domains, including penetration testing, vulnerability assessment, incident response, security operations and threat intelligence.

Critical Need for AI Cybersecurity Standards

The AI Charter is “just the start,” Nick Benson, CEO of CREST, told Infosecurity. “We expect this to have a snowball effect whereby organizations, governments and providers also adopt these common principles.”

CREST described its model as “one of self-regulation, aimed at enabling a functioning, successful market” and hopes the AI Charter can make “regulation less necessary and the compliance burden lighter.

Nevertheless, Benson said it is “absolutely critical that we move rapidly beyond the principles to establish thorough standards that can be independently assessed against.”

Additionally, he added that the industry body would “welcome regulators supporting and signposting these principles.”

“Aligning national standards to the CREST ones will promote harmonization, cross-border interoperability and minimize frictional costs for both buyers and vendors,” he Benson concluded.

Read now: UK Government Launches Cyber Resilience Pledge, Claiming 60+ Signatories



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleAI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Next Article Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Team-CWD
  • Website

Related Posts

News

Chinese-Funded Interpol Cybercrime Crackdown Leads to 5,800 Arrests

July 9, 2026
News

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

July 9, 2026
News

75% CISOs Fear Executives Don’t Understand Cybersecurity Risks

July 9, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Mobile app permissions (still) matter more than you may think

February 27, 2026

What is it, and how do I get it off my device?

September 11, 2025

What’s at stake if your employees post too much online

December 1, 2025

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.