Implement contextual data safeguards
Implement safeguards to limit AI agent data access to task-relevant information based on user roles and context
Control activities
Configuring role-based access controls to limit data access based on user permissions.
Configuring data collection limits to reduce privacy exposure. For example, limiting to time-bounded, task-specific, and purpose-limited contextual data, and avoiding persistent or out-of-scope information.
Integrating with existing identity and access management (IAM) systems to align agent access permissions with organizational policies. For example, SSO, OAuth, OpenID.
Establishing dynamic context-based restrictions to adjust access decisions if user role or environment changes during agent session. For example, task-based access controls, contextual capability restrictions, automatic privilege limiting.
Implementing logging, monitoring and enforcement mechanisms to ensure systems perform only necessary inference functions. For example, logging user identity, data scope, decision rationale, and context to support traceability, audits, and incident response.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts must faster— it's a clear signal I can trust."
