CARDIFF, UK, July 14, 2026 – Critical Cloud has formed a strategic partnership with Tarian Labs to provide fintech organisations with Continuous Runtime Security Validation. The joint service is designed to deliver ongoing evidence that live production environments remain protected, replacing the traditional approach of relying on penetration test reports that quickly lose relevance after software releases, cloud updates or AI deployments.
The service combines Critical Cloud’s Managed Runtime Assurance approach with Tarian Labs’ practitioner-led offensive security expertise, built on experience across government, defence and critical national infrastructure sectors. Managed Runtime Assurance focuses on the accountable operation of production applications, cloud platforms and AI systems so they remain observable, resilient, secure, cost efficient and ready to provide evidence when required.
For regulated organisations, security testing becomes an ongoing operational process rather than a one-off assessment. Findings are remediated, validated through retesting and supported with evidence confirming completion.
Continuous Runtime Security Validation brings together Critical Cloud’s Datadog-powered managed operating model and Tarian Labs’ offensive security specialists through an Observe, Detect, Validate cycle. Critical Cloud maintains visibility and operational governance across production cloud, observability and AI runtime environments, while Tarian Labs independently assesses those environments through penetration testing, cloud and infrastructure reviews, web application testing, API assessments and retesting. Security findings move directly into remediation before independent verification confirms closure.
Independence remains central to the service. Tarian Labs is responsible for testing methodology, findings, severity ratings and retesting, while Critical Cloud manages remediation and runtime improvements. Every engagement is conducted with customer approval, defined scope, agreed rules of engagement and controlled evidence management.
“Detection without validation is hope, not assurance,” said James Smith, CEO of Critical Cloud.
“Testing should not stop at the report,” said Kevin Hanford, Co-Founder and CEO of Tarian Labs.
Continuous Runtime Security Validation engagements are now available across the UK and Ireland. A packaged joint offering will follow, alongside Welsh fintech events and a live demonstration environment showcasing the Observe, Detect, Validate process, remediation, retesting and evidence of closure.
Critical Cloud is ISO 27001 certified, holds Cyber Essentials Plus accreditation and is both a Powered by Datadog accredited partner and Datadog Advanced Partner. Tarian Labs delivers engagements through CREST registered practitioners with sign-off at NCSC recognised CHECK Team Leader (CSTL-INF) level.