Transparency
We clearly communicate when an AI system takes part in an analysis, recommendation or decision. We document the purpose, training data where applicable, and known limitations.
// AI-FIRST GOVERNANCE
The TTPSEC Group develops and operates artificial intelligence applied to critical-infrastructure cybersecurity. We adhere to the OECD AI Principles, UNESCO's Recommendation on the Ethics of AI and the European Union AI Act.
We clearly communicate when an AI system takes part in an analysis, recommendation or decision. We document the purpose, training data where applicable, and known limitations.
No AI system executes irreversible actions on critical infrastructure without competent human validation. We keep an identifiable owner for every deployment.
We build AI applied to cybersecurity in order to protect. We do not develop capabilities designed for indiscriminate harm, illegitimate mass surveillance or coercion.
We collect only the data required for the stated purpose. We apply anonymization and bounded retention to threat telemetry.
We subject models to adversarial testing before and during operation. Prompt injection, data poisoning and evasion are part of our threat model.
We assess bias in systems that may affect people or organizations and actively correct the imbalances we detect.
We keep traceability of AI-assisted decisions: logs, model versioning and a clear chain of responsibility.
We recognize that AI-assisted offensive security tooling can be misused. We restrict access and prioritize coordinated vulnerability disclosure.
In force since January 2026. Reviewed annually.
Applies to TTPSEC Consulting, PurpleTeam Academy, TTPSEC AI, CISO Blog and TTPSEC Labs.
Questions about this statement or reports of misuse of our AI systems:
csirt@ttpsec.com