Skip to content
All posts

Periculo Joins CREST AI Charter as Founding Signatory

Periculo is a founding signatory of the CREST AI Charter, publicly committing to CREST's Nine Principles for responsible AI-enabled cybersecurity services.

Artificial intelligence is already becoming an integral part of how cybersecurity services are delivered in analysis, testing, detection, and decision-making. The question the industry hasn't fully answered yet is how to use it responsibly, with the same rigour clients expect from every other part of a security engagement. That's exactly what CREST's new AI Charter sets out to address, and we're proud to say Periculo is one of its founding signatories.

What is the CREST AI Charter?

The CREST AI Charter is a voluntary commitment through which cybersecurity providers publicly agree to support CREST's Nine Principles for AI-Enabled Activities. Signatories commit to using the Principles as a practical foundation for responsible AI use in their services, and to helping shape trusted, industry-wide standards for AI in cybersecurity.

What are CREST's Nine AI Principles?

CREST's Nine Principles for AI-Enabled Activities cover the ground that actually matters when AI touches client work:

  1. Accountability and governance — oversight and controls proportionate to the risk of the AI use.
  2. Transparency of use — telling clients where and how AI is used, including benefits, limits and risks.
  3. Documentation and auditability — traceable records of how AI-assisted work was done and reviewed.
  4. Boundaries and control — competent people stay in the loop, reviewing outputs and able to intervene.
  5. Data handling, sovereignty and client control — clarity on how client data is used, and where.
  6. Security and confidentiality — protecting client data, prompts and AI-generated outputs.
  7. Secure development of AI tooling — building and maintaining AI tools properly, throughout their lifecycle.
  8. Supply chain assurance — scrutiny of third-party AI providers and dependencies.
  9. Resilience and business continuity — a plan for when the AI doesn't work as expected.

None of this is abstract. It's the same discipline we'd want applied to any tool that touches a client's environment or data, and the Charter gives that discipline a shared, industry-wide definition.

Why did Periculo sign the CREST AI Charter?

Periculo signed the CREST AI Charter because cybersecurity runs on trust, and that standard has to extend to AI. Clients hand us access to sensitive systems and data on the understanding that we'll handle it with judgement and accountability. As AI becomes part of how testing, detection and response get done, clients deserve to know when AI is involved in their service, what it can and can't do, and who's accountable for the outcome.

Signing the Charter is a public commitment to that standard and a chance to help shape it. CREST's founding signatories span penetration testing, threat intelligence, incident response and security operations providers across Europe, North America, the Middle East and Asia-Pacific, over 10% of CREST's global membership, all pointed at the same problem.

What does being a founding signatory mean for Periculo's clients?

As a founding signatory, Periculo is listed on CREST's official AI Charter page alongside the other founding organisations, and now displays the CREST AI Charter Signatory badge across our site and channels as a visible marker of that commitment. In practice, it means clients can expect the transparency, governance and accountability set out in the Nine Principles wherever AI plays a role in how we deliver services.

This is the start, not the finish. CREST is building out an AI Hub, research and assurance frameworks over the coming months, and we'll keep engaging with that work as it develops because responsible AI use in cybersecurity isn't a box to tick once, it's an ongoing standard to hold ourselves to.

Read the CREST AI Charter and see the full list of founding signatories: crest-approved.org/ai-charter