Limit output over-exposure
Implement output limitations and obfuscation techniques to reduce information leakage
Control activities
Reducing or limiting the number of results shown in outputs to relevant only to balance security and utility.
Limiting the output format to reduce exploitability. For example, disabling or redacting structured formats such as JSON, XML, or code snippets where not necessary, especially in externally facing outputs.
Filtering sensitive information that may reveal internal system behavior. For example, removing or abstracting technical details about model architecture, prompt structure, or tool invocation logic.
Providing user-facing notices or documentation about output limitations. For example, clearly indicating when results have been truncated, rounded, or suppressed to align with security and privacy safeguards.
Limiting the fidelity of numerical outputs in certain use cases. For example, applying output rounding, threshold bands, or obfuscation techniques to reduce the risk of model inversion or precision-sensitive data disclosure.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts must faster— it's a clear signal I can trust."
