Share transparency reports
Establish policies for sharing transparency reports with relevant stakeholders including regulators and customers
Control activities
Defining report scope and recipient categories with clear criteria for when reports must be shared. For example, regulators, customers, and other stakeholders.
Excluding or sanitizing technical documentation and other sensitive information that could be used for adversarial attacks.
Implementing secure delivery methods with appropriate authentication and access control. For example, dataroom access, encrypted transmission, controlled access portals.
Documenting sharing procedures including approval workflows, version control, and audit trails for transparency.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts must faster— it's a clear signal I can trust."
