Home » News » Global industry initiative launched to support responsible AI use in cybersecurity
Posted by Rachel Simpson on 12 June 2026
60+ cybersecurity organisations become founding signatories of the CREST AI Charter
As many of us know, artificial intelligence is rapidly becoming part of cybersecurity service delivery throughout all disciplines. Across our global member base, we’re hearing from service providers about how their organisations are using AI to support activities ranging from analysis and reporting to threat detection, vulnerability assessment and security testing. But, as adoption grows, so does the need for trust, transparency, accountability and professional oversight.
Today, CREST is pleased to announce the launch of the CREST AI Charter and CREST AI Principles, alongside a global cohort of ~60 founding signatory organisations who have publicly committed to supporting responsible AI use across cybersecurity services. More than ten per cent of CREST member organisations have joined the initiative as founding signatories, representing a broad cross-section of the global cybersecurity profession.
The founding signatories span 15 countries across Europe, North America, the Middle East and Asia-Pacific, and collectively deliver services including penetration testing, vulnerability assessment, incident response, threat intelligence, security operations and threat-led penetration testing.
Why now?
“Artificial intelligence presents significant opportunities for the cybersecurity profession,” explains Sebastian Madden, Chief Product Officer at CREST. “It has the potential to improve efficiency, accelerate analysis, strengthen defensive capabilities and help organisations respond more effectively to emerging threats.
But at the same time, AI raises important questions around governance, transparency, accountability and trust.”
Through our own industry dialogues, we are seeing that buyers increasingly want to understand how AI is being used within cybersecurity services, how outputs are validated, where human oversight remains in place and who is accountable for decisions and outcomes. Our own recent research has identified growing demand for transparency, governance and assurance as AI adoption accelerates across cybersecurity services.
The CREST AI Charter has been developed to support a shared industry commitment to responsible AI use and is underpinned by the CREST AI Principles, which provide practical guidance on topics including governance, transparency, documentation, accountability, validation and human oversight.
The CREST AI Charter is a public commitment by organisations to support responsible AI adoption and the principles that underpin trusted AI-enabled cybersecurity services.
The Charter brings together organisations that recognise the importance of:
Trust and accountability
Transparency of AI use
Human oversight and professional judgement
Governance and risk management
Independent assurance
Industry collaboration and shared standards
These themes are increasingly recognised as essential foundations for trustworthy AI across multiple sectors and international frameworks.
The founding signatories represent a diverse range of cybersecurity providers and specialisms. Collectively they include organisations delivering:
Penetration testing
Vulnerability assessment
Incident response
Security operations
Threat intelligence
Application security testing
Threat-led penetration testing
Mobile application security testing
Their support reflects growing industry recognition that responsible AI adoption requires more than technology alone. It requires shared expectations, professional standards and practical approaches to assurance.
– Nick Benson, CEO, CREST
What happens next?
CREST AI ecosystem (future state)
The Charter and Principles form part of a broader CREST initiative examining how AI is reshaping cybersecurity services. Over the coming months, CREST will continue to work with members, industry experts, buyers and regulators to:
Develop practical guidance and good practice
Publish research and industry insights
Explore future assurance approaches
Support industry collaboration
Help organisations navigate AI adoption with confidence
As AI becomes increasingly embedded within cybersecurity services, CREST’s focus remains clear: helping the industry build trust in AI-enabled cybersecurity.
We’re working in collaboration with industry leaders and service providers to help shape a future where AI strengthens trust, confidence and professionalism across the global cybersecurity profession.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
