Founding signatory of the CREST AI Charter

Claranet has become a founding signatory of the CREST AI Charter, a public commitment to using artificial intelligence responsibly across cybersecurity services. We're among the first group of CREST members worldwide to put our name to it. 

The Charter is the work of CREST, the global not-for-profit that accredits providers and sets professional standards across the cybersecurity industry. It asks signatories to support CREST's nine AI Principles and to help shape AI-enabled security services that customers can trust. More than one in ten CREST members signed up in the founding group, spanning Europe, North America, the Middle East, and Asia-Pacific. 

Why the Charter matters now

AI is already part of how cybersecurity gets done. CREST's own research found that 69% of providers use AI somewhere in their penetration testing workflows, and 76% have increased that use over the past year, most often in reconnaissance, analysis, and reporting. 

The opportunity is real, but so is the risk. In an industry built on assurance, capability without accountability is a problem. The question isn't whether to use AI. It's how to use it without diluting the trust, transparency, and human judgement that customers are paying for. As one practitioner put it at a CREST roundtable, 'the AI guard rail is me.' That's the gap the Charter sets out to close. 

What we're committing to

Signing the Charter means publicly supporting CREST's AI Principles. These are nine commitments that govern how AI is used in security work:

• Accountability and governance
• Transparency of use
• Documentation and auditability
• Boundaries and control, with competent people keeping oversight of AI-enabled activity
• Data handling, sovereignty, and client control
• Security and confidentiality
• Secure development of AI tooling
• Supply chain assurance
• Resilience and business continuity

In practice, that means we tell you where AI plays a part in your service, we keep a person accountable for the outcome, and we handle your data within the boundaries we've agreed. As a CREST-accredited provider, that discipline is already how we work. AI supports our specialists; it doesn't replace the judgement you're relying on. 

What it means for our customers

For the teams who rely on our continuous security testing, managed detection and response, and wider security services, the Charter is a straightforward signal: where we use AI, we'll be open about it, we'll govern it, and a qualified human stays in the loop. That's the standard we already hold ourselves to, and signing the Charter puts it on the record alongside our peers. 

'AI is moving fast, and our customers are right to ask how we're using it. Signing the Charter is us saying, in public, that we'll be open about where AI supports our work and that a qualified person stays accountable for every result. Trust is the thing we sell, and we're not about to let automation erode it,' says Jed Kafetz, head of commercial innovation at Claranet and a member of the CREST UK Council. 

You can read the CREST AI Charter and the full nine principles on the CREST website.