Prevent AI cyber misuse
Implement or document guardrails to prevent AI-enabled misuse for cyber attacks and exploitation
Control activities
Results of testing from foundation model developer on offensive cyber capabilities and mitigations.
Attestation the mitigations have not been removed.
Implementing malicious use detection and blocking. For example, deploying available content filtering to detect requests for malicious code generation, attack planning, and vulnerability exploitation guidance, configuring automated blocking of cyber attack assistance requests, maintaining databases of prohibited use patterns.
Establishing usage monitoring and threat intelligence. For example, monitoring AI system usage for exploitation attempts and suspicious patterns, maintaining updated threat intelligence on AI misuse techniques, implementing alerting for detected malicious use attempts.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts must faster— it's a clear signal I can trust."
