We have signed the CREST AI Charter as a founding signatory. Around 60 organisations globally signed at launch. We are one of them.
That is not a small thing. Founding signatory status means being part of the group that defines what the standard looks like from the start, not adopting it once everyone else already has.
What the Charter is
CREST is the international not-for-profit that accredits cybersecurity providers and sets professional standards across the industry. Edgescan has been CREST-certified for years. The AI Charter extends those standards into how AI is built and used in security services specifically.
Its nine principles cover accountability and governance, transparency of use, documentation and auditability, human oversight and control, data handling and client control, security and confidentiality, secure AI development, supply chain assurance, and resilience.
Validated findings, human expert review, near-zero false positives, contextual risk scoring. That is how the Edgescan platform has always been built. The Charter formalises it against an independent standard.
Why this matters to us
Eoin Keary, Founder and CEO: “AI has real potential to be a force for good in cybersecurity. But the technology is still in its infancy, and strong guardrails need to be established now, before deployment becomes so widespread that course correction gets difficult. Signing the CREST AI Charter is our public commitment to building and deploying AI with clear behaviour, boundaries, and ethical guidelines. Sensible design and real accountability are what help AI aid rather than hinder the people it serves.”
We already apply rigorous professional standards to everything we do. Extending those standards to how we build and deploy AI is not a stretch. It is the obvious next step.
What it means in practice
AI runs through the Edgescan platform. It drives automated validation, powers AI Insights, and feeds into the EXF score that combines CVSS, EPSS, and CISA KEV data to surface what actually needs fixing. That AI now operates under the Charter’s principles explicitly.
For customers, that means the AI shaping prioritisation decisions in their security programme has been built with transparency and human oversight as requirements, not add-ons. Our analysts work with the data. They do not hand decisions over to it.
You can read the full CREST AI Charter and the nine principles at crest-approved.org.
To see how Edgescan’s AI-powered platform delivers validated, responsible vulnerability intelligence, request a demo.
