~ / directory / aiuc-1
A1
Mixed · AI Governance & Standards · reviewed 2026-04

AIUC-1

The world's first AI agent security, safety, and reliability certification standard. Integrates OWASP, MITRE ATLAS, NIST AI RMF, EU AI Act, and CSA AICM crosswalks. Audited by Schellman. Quarterly updates.

Visit www.aiuc-1.com
01

What it does

AIUC-1 (Artificial Intelligence Unified Controls) is the first comprehensive certification standard specifically designed for AI agents in enterprise environments. Created by the Artificial Intelligence Underwriting Company with technical contributors including MITRE, Cisco, Cloud Security Alliance, Stanford's Trustworthy AI Research Lab, and MIT Sloan. Covers six risk domains: Data & Privacy, Security, Safety, Reliability, Accountability, and Societal Impact. Certification requires 2000+ technical evaluations and a comprehensive audit of AI policies and guardrails, conducted by Schellman. Updated quarterly (Jan/Apr/Jul/Oct). Integrated into IBM Risk Atlas Nexus. First certifications: UiPath (Mar 2026), ElevenLabs (voice AI).

02

Security relevance

Operationalises multiple frameworks into a single certifiable standard. Maps directly to MITRE ATLAS techniques (e.g., AITech-1.1 prompt injection mitigated by requirements B001/B002/B005), OWASP LLM Top 10 threats, NIST AI RMF functions, and EU AI Act compliance requirements. Specifically addresses agent-centric risks: autonomous action boundaries, tool access governance, non-human identity management, decision auditability, and adversarial robustness under production conditions. Includes insurance-enabling risk quantification.

03

When to use it

Use when building AI agent certification programmes, evaluating AI vendor risk, or establishing enterprise AI governance. Particularly relevant for procurement teams assessing AI agent vendors and for organisations seeking a unified compliance signal across OWASP, NIST, MITRE, and EU AI Act requirements.

04

OWASP coverage

Risks addressed — mapped to both OWASP Top 10 standards. 10 in LLM, 10 in Agentic.

LLM Top 10 · 2025 · 10/10 covered
01
02
03
04
05
06
07
08
09
10
LLM01 · Prompt Injection LLM02 · Sensitive Information Disclosure LLM03 · Supply Chain LLM04 · Data & Model Poisoning LLM05 · Improper Output Handling LLM06 · Excessive Agency LLM07 · System Prompt Leakage LLM08 · Vector & Embedding Weaknesses LLM09 · Misinformation LLM10 · Unbounded Consumption
Agentic Top 10 · 2026 · 10/10 covered
01
02
03
04
05
06
07
08
09
10
ASI01 · Agent Goal Hijack ASI02 · Tool Misuse & Exploitation ASI03 · Identity & Privilege Abuse ASI04 · Agentic Supply Chain Vulnerabilities ASI05 · Unexpected Code Execution ASI06 · Memory & Context Poisoning ASI07 · Insecure Inter-Agent Communication ASI08 · Cascading Failures ASI09 · Human-Agent Trust Exploit ASI10 · Rogue Agents
05

The raw record

What Yuntona stores. Single source of truth — fork it on GitHub.

name: AIUC-1
slug: aiuc-1
type: Mixed
category: AI Governance & Standards
url: https://www.aiuc-1.com

reviewed:   2026-04
added:      2026-04
updated:    2026-04

risks:
  llm:  [LLM01, LLM02, LLM03, LLM04, LLM05, LLM06, LLM07, LLM08, LLM09, LLM10]
  asi:  [ASI01, ASI02, ASI03, ASI04, ASI05, ASI06, ASI07, ASI08, ASI09, ASI10]

complexity:    Enterprise Only
pricing:       —
audience:      All
lifecycle:     [deploy]

tags: [AI Agents, Certification, Compliance, Enterprise, EU AI Act, Insurance, MITRE ATLAS, NIST, OWASP, Standard]