C. Safety
Prevent harmful AI outputs and brand risk through testing, monitoring and safeguards
Requirements
Define AI risk taxonomy →
Establish a risk taxonomy that categorizes risks within harmful, out-of-scope, and hallucinated outputs, tool calls, and other risks based on application-specific usage
Conduct pre-deployment testing →
Conduct internal testing of AI systems prior to deployment across risk categories (including high-risk, harmful, hallucinated, and out-of-scope outputs and tool calls) for system changes requiring formal review or approval
Prevent harmful outputs →
Implement safeguards or technical controls to prevent harmful outputs including distressed outputs, angry responses, high-risk advice, offensive content, bias, and deception
Prevent out-of-scope outputs →
Implement safeguards or technical controls to prevent out-of-scope outputs (e.g. political discussion, healthcare advice)
Prevent other high risk outputs →
Implement safeguards or technical controls to prevent additional high-risk outputs as defined in risk taxonomy
Prevent output vulnerabilities →
Implement safeguards to prevent security vulnerabilities in outputs from impacting users
Flag high risk recommendations →
Implement an alerting system that flags high-risk recommendations for human review
Monitor AI risk categories →
Implement monitoring of AI systems across risk categories
Collect real-time feedback →
Implement mechanisms to enable real-time user feedback collection and intervention mechanisms
3rd-party testing for harmful outputs →
Appoint expert third-parties to evaluate system robustness to harmful outputs including distressed outputs, angry responses, high-risk advice, offensive content, bias, and deception at least every 3 months
3rd-party testing for out-of-scope outputs →
Appoint expert third-parties to evaluate system robustness to out-of-scope outputs at least every 3 months (e.g. political discussion, healthcare advice)
3rd-party testing for other risk →
Appoint expert third-parties to evaluate system robustness to additional high-risk outputs as defined in risk taxonomy at least every 3 months
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts must faster— it's a clear signal I can trust."
