Frameworks — AIUC-1
Build trust for your AI agents in the enterprise.
AIUC-1 is the emerging security, safety, and reliability standard for AI agents, backed by independent audits and quarterly adversarial testing. If your company builds or deploys agentic AI — especially in customer-facing or high-risk workflows — AIUC-1 certification helps you win enterprise trust and unblock deals.
Subscribe to our newsletter and never skip a step in your AIUC-1 journey.
In the Spotlight
Start your AIUC-1 certification journey with DSALTA's complete checklist.
AIUC-1 is the first security, safety, and reliability standard purpose-built for AI agents, developed with input from Stanford, MIT, MITRE, and the Cloud Security Alliance. Certification requires independent auditing plus quarterly technical testing — not just a governance policy on paper.
AIUC-1 can feel dense with its 51 requirements and 130 controls across six risk pillars, but DSALTA® makes it manageable. With automated evidence collection, continuous monitoring, and AI-driven risk insights, you can maintain certification without drowning in manual work. Use this checklist to guide your AIUC-1 journey.
Why AIUC-1 certification matters?
Earning AIUC-1 certification is more than a checkbox exercise. It shows enterprise buyers, procurement teams, and your board that your AI agents have been independently tested against real-world adversarial risk — not just described in a policy document. In return, it builds long-term trust, especially with security-conscious customers in fintech, healthtech, SaaS, and enterprise software.
Failing to address agent-specific risk can result in:
Data leaks and IP exposure
Loss of enterprise customer trust
Legal and reputational exposure from agent misuse
Deals stalled or lost in security review
Easily accessible AI agent security for growing teams.
Many companies delay AI agent security work because of complexity. But it doesn't have to be overwhelming. With tools like DSALTA, AIUC-1 becomes easier to manage — especially for lean, fast-moving AI teams. By using automation and a proactive approach, you can:
Save time and third-party audit costs
Make informed decisions using real-time risk dashboards
Reduce manual evidence-gathering and focus on shipping product
Key steps to AIUC-1 certification
Here's how to get AIUC-1 certified while keeping your AI agents shipping fast.
Scope your AI agent and kick off the audit
AIUC-1 certification applies to a specific product or agent, not your whole organization by default. This includes:
Defining which product or agent is in scope for certification
Assigning key team members and setting up environment and config
Identifying initial evidence and gaps with your accredited auditor
Applies whether your agent is customer-facing, internal automation, or embedded in another product.
Map data & privacy controls
AIUC-1's Data & Privacy pillar covers how your agent handles input, output, and cross-tenant data. This includes:
Establishing input and output data use policies
Limiting AI agent data access with contextual, least-privilege safeguards
Preventing cross-customer data exposure and PII leakage
Test security & safety
Unlike paper-based frameworks, AIUC-1 requires evidence your agent has been adversarially tested. This includes:
Commissioning third-party adversarial robustness and jailbreak testing
Implementing real-time input filtering and access controls
Testing for harmful outputs, hallucinations, and unsafe tool calls
Document accountability & governance
Maintaining AIUC-1 requires clear ownership and auditable records. Automate where possible:
Building AI failure response plans for breaches, harmful outputs, and hallucinations
Assigning accountability and establishing an AI acceptable use policy
Logging AI system activity and conducting vendor due diligence
Address societal risk
AIUC-1's Society pillar looks beyond the enterprise to broader misuse risk. This includes:
Guarding against AI cyber misuse and catastrophic misuse scenarios
Aligning with adjacent frameworks like ISO 42001, NIST AI RMF, and the EU AI Act
Maintain certification quarter over quarter
AIUC-1 updates faster than annual frameworks, so certification is never a one-and-done. This includes:
Re-running technical evals quarterly — hallucinations, unsafe tool calls, adversarial attacks
Re-auditing technical, operational, and legal controls annually
Keeping your AIUC-1 report and trust badge current for enterprise buyers
Get it faster with DSALTA.



