Restrict unsafe tool calls
Implement safeguards or technical controls to prevent tool calls in AI systems from executing unauthorized actions, accessing restricted information, or making decisions beyond their intended scope
Control activities
Implementing function call validation and authorization. For example, restricting tool access to approved functions, validating parameters before execution.
Enforcing rate limits and transaction caps for autonomous tool use.
Establishing execution monitoring and logging. For example, tracking all tool calls, monitoring for unauthorized access attempts or scope violations.
Maintaining decision boundary enforcement. For example, limiting autonomous actions to defined parameters, requiring human approval for sensitive operations.
Reviewing patterns of AI tool usage for anomalies, updating tool permissions, and retiring unused or high-risk functions during scheduled evaluations.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts must faster— it's a clear signal I can trust."
