Theta Lake Raises the Bar with ISO/IEC 42001 "Responsible AI" Certification
Theta Lake has earned ISO/IEC 42001 certification and states it is the first AI-native DCGA vendor to validate transparency, trust, and security in its communications AI. For PR and Communications teams, this shifts AI assurance from marketing claims to a standard you can point to in press, RFPs, and stakeholder briefings.
Beyond the credential, Theta Lake announced new features to detect AI jailbreaking and fresh API endpoints that feed AI communications data into observability and security platforms. That pairing (assurance plus controls) moves the conversation from "trust us" to "audit us."
Why this matters for PR and Communications
- Gives you a third-party standard to reference when journalists, customers, or regulators ask, "How do you manage AI responsibly?"
- Strengthens trust language in your comms without overpromising: there's a certificate and defined scope behind it.
- Supports tighter alignment with Legal, Security, and Compliance by mapping claims to an auditable framework.
- Improves crisis-prep: you can explain how AI decisions are documented and monitored, not just what the product does.
What ISO/IEC 42001 covers
ISO/IEC 42001 is an international standard for AI management systems. It requires organizations to document how their AI operates, what data it uses, how that data is protected, and how decisions are made.
In communications use cases (executive discussions, customer interactions, and proprietary content), this matters. Without third-party validation, enterprises have to accept vendor statements at face value. This certification provides a verifiable framework for how AI systems handle data across their lifecycle, from initial training to day-to-day operations.
New risk: AI jailbreaking as an insider threat
Generative AI brings a new category of risk: jailbreaking. Users can craft prompts that bypass controls, surface restricted information, or generate inappropriate outputs. That risk grows as AI assistants show up in everyday tools.
Theta Lake reports that 99% of organizations plan to implement or expand AI in their unified communications platforms, with 92% deploying generative AI assistants. Every summary, draft, or analysis is an interaction that could be misused, intentionally or by accident.
What Theta Lake added
- AI jailbreak detection to spot and address prompt manipulation attempts.
- New observability and SIEM endpoints to feed AI communications insights, with metadata, into existing security stacks.
- Standard APIs so security teams can apply consistent monitoring and response across all communication channels.
"The pairing of our rapid pace of building deep AI technology, delivered with more certified explainability, security, and trust than the rest of our market, is just another example of our leadership," said Rich Sutton, CTO and Co-founder of Theta Lake.
RFP and diligence checklist (use these questions)
- Can you provide third-party certification of your AI management system (e.g., ISO/IEC 42001) and its scope?
- What technology powers your AI? What customer data does it access, and for what purposes?
- How is data protected at rest, in transit, and in downstream systems? How long is it retained?
- How does your AI reach conclusions, and how do you document explainability for end users and auditors?
- How do you detect and prevent AI manipulation (e.g., jailbreaking) across chat, meetings, and messaging?
- Can your platform integrate AI communications intelligence into our SIEM/observability tools through standard APIs?
Media and stakeholder messaging you can use
- "We're adopting communications AI that is certified against ISO/IEC 42001, giving us documented controls for data use, decisioning, and ongoing operations."
- "Our security team receives AI communications telemetry via standard APIs, helping us monitor prompts, outputs, and policy adherence alongside other signals."
- "We've implemented jailbreak detection to reduce the risk of prompt manipulation and inappropriate content."
What to do next
- Request the ISO/IEC 42001 certificate and scope statement from your vendor; align your claims and FAQs to what's covered.
- Update your AI comms policy to include jailbreak detection, monitoring, and incident handling.
- Work with Security to route AI communications metadata into your SIEM and define response playbooks.
- Prepare a short internal brief for spokespeople covering certification, data protections, and manipulation controls.