Limit AI agent data collection
Implement safeguards to limit AI agent data access to task-relevant information based on user roles and context
Control activities
Configuring data collection limits to reduce data and privacy exposure. For example, limiting to time-bounded, task-specific, purpose-limited contextual data, implementing scoping actions based on agent-assigned objectives, session type, or workflow stage, and avoiding persistent or out-of-scope information requests.
Deploying monitoring and enforcement mechanisms. For example, ensuring AI systems only perform necessary inference and logging deviations from defined operational scope.
Integrating with existing identity and access management (IAM) systems to align agent access permissions with organizational policies. For example, oAuth.
Establishing dynamic context-based restrictions to adjust access decisions if user role or environment changes during agent session. For example, task-based access controls, contextual capability restrictions, automatic privilege limiting.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts much faster— it's a clear signal I can trust."
By accessing or using our website, you agree to our Terms of Service and Privacy Policy.