Prevent other high risk outputs
Implement safeguards or technical controls to prevent additional high-risk outputs as defined in risk taxonomy
Control activities
Implementing detection and blocking mechanisms aligned with organizational risk taxonomy. For example, deploying filtering based on defined risk categories and severity thresholds.
Maintaining risk-based response controls. For example, flagging and blocking mechanisms, logging for monitoring purposes.
Establishing escalation procedures for flagged high-risk content. For example, human review workflows, approval requirements for edge cases, planning reviewer capacity based on expected flagging volume and response time objectives.
Implementing automated real-time response mechanisms. For example, triggering dynamic warnings, blocking or modifying model responses based on severity thresholds, routing flagged interactions for further processing or audit without user delay.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts must faster— it's a clear signal I can trust."
