CovertSwarm has become a founding signatory of the CREST AI Charter, endorsing nine principles for responsible AI use in cybersecurity.
The CREST AI Charter, launched in June 2026, sets out the standards organizations should meet when AI is part of how they deliver security services. Its principles are the questions that belong in every serious procurement conversation about AI-augmented offensive security.
Here’s what each one means in practice at CovertSwarm:
- Accountability and governance. We define the scope and purpose of every AI-enabled activity in our work and apply governance controls proportionate to the risk of that use.
- Transparency of use. We tell clients where and how AI is used in their engagement, including which tools are involved, what they touch, and where limitations or risks apply.
- Documentation and auditability. Our AI use is traceable and reviewable. We document how findings are reached, what AI supported, and how outputs were validated, and that record is available to support internal or external assurance.
- Boundaries and control. Skilled operators retain oversight of all AI-enabled activity. They review outputs, challenge decisions, and intervene where needed. AI doesn’t determine findings, escalation decisions, or conclusions. The operator does.
- Data handling, sovereignty and client control. We don’t use client data to train models. Client data is handled in line with agreed legal, regulatory, and contractual requirements, used only for agreed purposes, and stored only in agreed jurisdictions.
- Security and confidentiality. Client data, prompts, outputs, and AI-generated artifacts are protected through appropriate technical and organizational controls.
- Secure development of AI tooling. Our AI tooling is built and maintained under a secure development lifecycle and reviewed throughout its operational lifespan.
- Supply chain assurance. We identify and assess material third-party AI technologies in our stack. Where they could affect your service, data handling, or continuity, we tell you.
- Resilience and business continuity. We identify material AI dependencies in our service delivery and maintain defined fallback arrangements. If an AI dependency fails, engagements continue.
What this means for you
The Charter commitment has direct implications for how we work with you:
- You’ll always know which AI tools are active in your engagement and what they touch.
- Your data isn’t used to train models and stays within agreed jurisdictions and contractual controls.
- Every AI-assisted finding has a documented review trail. If your auditor or regulator asks, we can show our working.
- If an AI tool in our stack becomes unavailable, your engagement continues under defined fallback arrangements.
What this means for your Constant Cyber Attack engagement
Constant Cyber Attack is a human-led service augmented by AI. Our RAID (Red Team AI Division) capability supports continuous recon, analysis, and pattern recognition across your attack surface. But AI doesn’t decide what to attack, what to escalate, or what to report back to you.
Those calls sit with the operator. Every finding you receive has been reviewed and validated by a skilled member of the Swarm, not produced and shipped by an automated pipeline. Signing the CREST AI Principles formalizes what was already true about how your subscription works.
“The question we hear most from CISOs is the same one: how do you use AI, and what does it mean for our data and our audit posture?” says James Dale, Swarm Director at CovertSwarm. “The CREST AI Principles give us a specific, testable answer. Not a position statement. A public set of commitments you can hold us to.”
Read the full CREST AI Principles at crest-approved.org.