
Over 42,000 CRA Accounts Breached: What to Know
More than 42,000 Canadian taxpayer accounts have been breached since 2020. Learn more about the data breach class-action lawsuit involving CRA accounts.
May 20, 2026 - Blog
Authored By Packetlabs

Artificial intelligence (AI) is transforming the cybersecurity industry at an unprecedented pace.
From threat detection and incident response to vulnerability management and penetration testing, AI-powered tools are becoming a core component of modern cybersecurity operations. However, as organizations increasingly rely on AI-enabled services, questions surrounding trust, transparency, accountability, and governance have become critical.
To address these concerns, CREST has introduced the CREST AI Charter and a comprehensive set of AI Principles designed to support responsible AI adoption across the cybersecurity sector. These principles provide a practical framework that helps cybersecurity providers, clients, regulators, and practitioners confidently navigate the evolving landscape of AI-enabled cybersecurity services.
The cybersecurity industry has always been built on trust. Organizations depend on security providers to protect sensitive data, identify vulnerabilities, and defend against evolving threats.
As AI becomes integrated into these services, maintaining trust becomes even more important.
AI offers significant benefits, including:
Faster threat detection and response
Enhanced security analytics
Improved operational efficiency
Greater scalability of cybersecurity services
Better decision-making through advanced data analysis
However, AI also introduces new risks. Organizations may have concerns about how AI systems are trained, how decisions are made, where data is stored, and whether AI-generated outputs can be trusted. Without proper governance and transparency, these concerns can undermine confidence in AI-enabled cybersecurity services.
The CREST AI Charter seeks to address these challenges by promoting responsible AI use throughout the cybersecurity ecosystem.
The CREST AI Charter is a voluntary commitment that brings together organizations that support the responsible use of AI within cybersecurity. The charter recognizes the importance of shared principles, professional standards, transparency, and industry collaboration.
Organizations that become CREST AI Charter signatories publicly commit to supporting responsible AI practices and recognize the CREST AI Principles as a practical foundation for AI-enabled cybersecurity services.
The charter aims to:
Promote trust in AI-enabled cybersecurity services
Establish accountability and transparency standards
Encourage responsible innovation
Strengthen collaboration across the cybersecurity industry
Support clients in understanding how AI is being used
With dozens of founding signatories spanning multiple countries, the initiative demonstrates a growing industry commitment to ethical and trustworthy AI deployment in cybersecurity.
At the heart of the charter are nine foundational principles that guide responsible AI use in cybersecurity.
Organizations must clearly define the scope and purpose of AI-enabled activities. This includes assessing how AI may impact service delivery, decision-making, data handling, and operational risk.
Strong governance frameworks ensure that appropriate oversight, testing, and controls are applied based on the scale and risk profile of AI systems.
Transparency is essential for building trust. Organizations should inform clients when AI technologies, methodologies, automations, or third-party AI solutions are being used as part of service delivery.
Clients should understand:
How AI is being used
The benefits of AI implementation
Potential limitations
Associated risks
This transparency enables informed decision-making and promotes confidence in cybersecurity engagements.
AI-enabled cybersecurity services should maintain comprehensive documentation regarding:
AI usage
Service delivery processes
Validation procedures
Quality assurance activities
Review mechanisms
Maintaining audit trails helps ensure AI use remains traceable, reviewable, and accountable. Documentation also supports internal governance and external assurance requirements.
Human oversight remains a critical component of responsible AI deployment.
Organizations should ensure qualified personnel oversee AI-enabled activities, particularly when autonomous or semi-autonomous capabilities are involved. Security professionals must review outputs, challenge decisions when necessary, and intervene appropriately.
AI systems should operate within clearly defined organizational and client-approved boundaries to prevent misuse or unintended outcomes.
Data management is one of the most significant concerns surrounding AI adoption.
Organizations should clearly communicate:
Whether client data may be used for model training
Whether data is transferred outside agreed-upon jurisdictions
How client information is stored and protected
What controls govern data access and processing
This principle reinforces legal, contractual, and regulatory compliance while preserving client trust.
Cybersecurity providers must apply robust technical and organizational controls to protect:
Client data
AI prompts
AI-generated outputs
Associated artifacts
Organizations should also be transparent about how client information is secured when AI-enabled activities are conducted. Security and confidentiality remain non-negotiable components of responsible AI adoption.
AI systems themselves must be developed and maintained securely.
Organizations should implement secure development practices throughout the AI lifecycle, including:
Design
Development
Testing
Deployment
Maintenance
Regular reviews help ensure AI tools remain reliable, effective, and appropriately governed over time.
Many cybersecurity services rely on third-party AI technologies and providers.
Organizations must identify these dependencies and assess their associated risks, including:
Security risks
Compliance concerns
Operational resilience
Data handling implications
Appropriate supplier governance and risk management processes should be implemented to address third-party AI dependencies. Transparency regarding these relationships is also essential when they may impact service delivery or client data.
Organizations should assess how AI dependencies could affect service continuity.
Potential AI disruptions may include:
Service outages
Model failures
Infrastructure issues
Third-party provider disruptions
Appropriate contingency plans, fallback procedures, and recovery strategies help ensure cybersecurity services remain resilient even when AI systems become unavailable. Clients should also understand how disruptions may affect service delivery expectations.
The charter provides cybersecurity organizations with a structured framework for implementing AI responsibly.
Key benefits include:
Clients increasingly demand transparency regarding AI use. Following recognized industry principles demonstrates commitment to responsible practices and builds confidence.
Organizations that align with established AI governance frameworks can differentiate themselves in a crowded cybersecurity marketplace.
The principles help identify and mitigate risks related to AI governance, data handling, supply chain dependencies, and operational resilience.
As governments introduce AI regulations and compliance requirements, organizations that adopt governance frameworks early will be better positioned to meet future obligations.
Participation in initiatives such as the CREST AI Charter demonstrates leadership and commitment to advancing responsible AI use across the cybersecurity profession.
AI adoption within cybersecurity is expected to accelerate significantly over the coming years. Security operations centers, managed security service providers, penetration testing firms, threat intelligence teams, and compliance professionals are all exploring new ways to leverage AI capabilities.
Emerging applications include:
AI-assisted penetration testing
Automated threat hunting
Security analytics
Vulnerability prioritization
Incident response automation
Threat intelligence correlation
Security reporting and documentation
As these technologies mature, industry frameworks like the CREST AI Charter will play an increasingly important role in ensuring AI is deployed responsibly, transparently, and securely.
Organizations that embrace these principles today will be better positioned to maximize AI's benefits while maintaining the trust of clients, regulators, and stakeholders.
Artificial intelligence is rapidly reshaping the cybersecurity landscape, offering powerful opportunities to improve efficiency, strengthen defenses, and enhance service delivery. However, successful adoption depends on maintaining trust, accountability, transparency, and strong governance.
The CREST AI Charter provides a practical framework for achieving these goals. Through its nine AI Principles, the charter establishes clear expectations for responsible AI use across cybersecurity services, helping organizations navigate emerging challenges while fostering confidence among clients and stakeholders.
As AI becomes an integral part of cybersecurity operations, adherence to established principles such as accountability, transparency, security, data sovereignty, and resilience will be essential. Organizations that prioritize responsible AI adoption today will be best positioned to thrive in the next generation of cybersecurity.
Packetlabs is honored to be one of the founding AI Charter signatories spanning across Europe, North America, the Middle East, and Asia-Pacific, reflecting a shared commitment to responsible AI use in cybersecurity and representing a broad cross-section of the industry across:
Penetration testing
Vulnerability assessment
Incident response
Security operations
Threat intelligence