Monitor AI risk categories
Implement monitoring of AI systems across risk categories
Control activities
Implementing proactive detection. For example, defining potential scenarios that could generate harmful outputs under normal or adversarial use, documenting risk scenarios to guide test planning and operational safeguards aligned with risk taxonomy, deploying automated detection tools (e.g. classifiers, heuristics, anomaly detectors).
Establishing ongoing monitoring. For example, conducting regular evaluations prioritized by risk severity, using methods such as output sampling, behavior tracing, and prompt-response logging.
Maintaining documentation. For example, recording identified scenarios with clear examples, conditions, and mitigation approaches, updating risk taxonomy based on monitoring findings and incidents.
Integrating AI output monitoring with existing security tools. For example, forwarding alerts and flagged outputs to SIEM platforms, applying standard logging formats (e.g. JSON, syslog) to support automated threat detection workflows.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts must faster— it's a clear signal I can trust."
