// AI-FIRST GOVERNANCE

TTPSEC Group's responsible AI principles

The TTPSEC Group develops and operates artificial intelligence applied to critical-infrastructure cybersecurity. We adhere to the OECD AI Principles, UNESCO's Recommendation on the Ethics of AI and the European Union AI Act.

§ 01

Transparency

We clearly communicate when an AI system takes part in an analysis, recommendation or decision. We document the purpose, training data where applicable, and known limitations.

§ 02

Human oversight

No AI system executes irreversible actions on critical infrastructure without competent human validation. We keep an identifiable owner for every deployment.

§ 03

Non-maleficence

We build AI applied to cybersecurity in order to protect. We do not develop capabilities designed for indiscriminate harm, illegitimate mass surveillance or coercion.

§ 04

Privacy and data minimization

We collect only the data required for the stated purpose. We apply anonymization and bounded retention to threat telemetry.

§ 05

Robustness and security

We subject models to adversarial testing before and during operation. Prompt injection, data poisoning and evasion are part of our threat model.

§ 06

Fairness and non-discrimination

We assess bias in systems that may affect people or organizations and actively correct the imbalances we detect.

§ 07

Accountability

We keep traceability of AI-assisted decisions: logs, model versioning and a clear chain of responsibility.

§ 08

Responsible dual use

We recognize that AI-assisted offensive security tooling can be misused. We restrict access and prioritize coordinated vulnerability disclosure.

Effective

In force since January 2026. Reviewed annually.

Applies to TTPSEC Consulting, PurpleTeam Academy, TTPSEC AI, CISO Blog and TTPSEC Labs.

Contact

Questions about this statement or reports of misuse of our AI systems:

csirt@ttpsec.com