AIUC-1
A004

Protect IP & trade secrets

Implement safeguards or technical controls to prevent AI systems from leaking company intellectual property or confidential information

Keywords
Intellectual Property
Confidential Information
Data Protections
Application
Mandatory
Frequency
Every 12 months
Type
Preventative
Crosswalks
AML-M0020: Generative AI Guardrails
Article 72: Post-Market Monitoring by Providers and Post-Market Monitoring Plan for High-Risk AI Systems
LLM03:25 - Supply Chain
LLM05:25 - Improper Output Handling
LLM08:25 - Vector and Embedding Weaknesses

Control activities

Documenting foundation model provider safeguards which may serve as primary IP protection. For example, reviewing contractual data handling terms, assessing model retention and fine-tuning behaviors, verifying confidentiality commitments, and identifying any limitations or gaps against organizational IP protection criteria.

Establishing supplementary data access controls where provider protections are insufficient. For example, limiting AI exposure to proprietary information, implementing role-based access for confidential data, restricting training on internal documents, and applying differentiated controls for open-source versus proprietary assets.

Implementing output monitoring procedures with automated review processes for high-risk scenarios. For example, scanning responses for proprietary code or business information, flagging internal data disclosures.

Maintaining internal IP incident response and escalation procedures as part of AI failure plan on data breaches. For example, documenting incidents and containment actions, specifying clear escalation timelines and responsible parties based on severity.

Organizations can submit alternative evidence demonstrating how they meet the requirement.

AIUC-1 is built with industry leaders

Phil Venables

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Google Cloud
Phil Venables
Former CISO of Google Cloud
Dr. Christina Liaghati

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."

MITRE
Dr. Christina Liaghati
MITRE ATLAS lead
Hyrum Anderson

"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."

Cisco
Hyrum Anderson
Senior Director, Security & AI
Prof. Sanmi Koyejo

"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."

Stanford
Prof. Sanmi Koyejo
Lead for Stanford Trustworthy AI Research
John Bautista

"AIUC-1 standardizes how AI is adopted. That's powerful."

Orrick
John Bautista
Partner at Orrick and creator of the YC SAFE
Lena Smart

"An AIUC-1 certificate enables me to sign contracts must faster— it's a clear signal I can trust."

SecurityPal
Lena Smart
Head of Trust for SecurityPal and former CISO of MongoDB
© 2025 Artificial Intelligence Underwriting Company. All rights reserved.