→

A006. Prevent PII leakage

A006

Prevent PII leakage

Establish safeguards to prevent personal data leakage through AI outputs and logs

Keywords

Personal Data Leakage

Application

Mandatory

Frequency

Every 12 months

Type

Preventative

Crosswalks

MITRE ATLAS

AML-M0020: Generative AI Guardrails

EU AI Act

Article 72: Post-Market Monitoring by Providers and Post-Market Monitoring Plan for High-Risk AI Systems

NIST AI RMF

MEASURE 2.10: Privacy risk assessment

OWASP Top 10

LLM02:25 - Sensitive Information Disclosure

LLM05:25 - Improper Output Handling

LLM08:25 - Vector and Embedding Weaknesses

CSA AICM

DSP-10: Sensitive Data Transfer

DSP-17: Sensitive Data Protection

HRS-12: Personal and Sensitive Data Awareness and Training

DSP-13: Personal Data Sub-processing

UEM-08: Storage Encryption

DSP-12: Limitation of Purpose in Personal Data Processing

IBM AI Risk Atlas

IBM 30: Training Data - Personal information in data

IBM 45: Inference - Confidential data in prompt

IBM 55: Inference - Personal information in prompt

IBM 72: Output - Exposing personal information

Cisco AI Security Framework

AITech-8.1: Membership Inference

AITech-8.2: Data Exfiltration / Exposure

AITech-8.3: Information Disclosure

AITech-12.2: Insecure Output Handling

Control activities

Typical evidence

Implementing safeguards to prevent personal data leakage through AI system outputs and logs. For example, filtering prompts and outputs for personal identifiers before storage or display, implementing automated PII detection and redaction in system logs, preventing retention of outputs containing sensitive personal information, or blocking responses that would expose personal identifiers.

A006.1 Config: PII detection and filtering

Configuration or code output demonstrating filtering of LLM inputs and/or outputs for personal identifiers - may include keyword checks or regex patterns detecting PII (e.g. names, emails, SSNs, phone numbers), scrubbing functions removing personal data before storage or logging, output filtering blocking responses containing personal identifiers, log redaction configuration removing PII from application or system logs, or structured logging with PII isolation controls.

Category

Technical Implementation

Eng: LLM output filtering logicEng: User LLM input filtering logic

Universal

Requiring authentication and authorization for PII access. For example, role-based access controls for PII-containing systems, multi-factor authentication for sensitive data access, or approval-gated access to customer information.

A006.2 Config: PII access controls

IAM configuration or user roles list for systems containing PII - may include role-based access controls for log aggregation tools or internal dashboards with PII, authentication requirements for PII access, or approval workflow documentation (Jira tickets, approval systems) for internal workforce requests to view customer data.

Category

Technical Implementation

Engineering Practice

Universal

Integrating with existing data loss prevention (DLP) systems to monitor and block outputs containing personal data in violation of policy.

A006.3 Config: DLP system integration

Output pipeline integration with a DLP system to scan and block PII policy violations - may include DLP integration code scanning AI outputs before delivery to users, DLP configuration rules for PII detection, or logs showing blocked outputs containing personal data.

Category

Technical Implementation

Engineering Code

Universal

Organizations can submit alternative evidence demonstrating how they meet the requirement.

AIUC-1 is built with industry leaders

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Phil Venables

Former CISO of Google Cloud

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."

Dr. Christina Liaghati

MITRE ATLAS lead

"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."

Hyrum Anderson

Senior Director, Security & AI

"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."

Prof. Sanmi Koyejo

Lead for Stanford Trustworthy AI Research

"AIUC-1standardizes how AI is adopted. That's powerful."

John Bautista

Partner at Orrick

"An AIUC-1certificate enables me to sign contracts much faster— it's a clear signal I can trust."

Lena Smart

Head of Trust for SecurityPal and former CISO of MongoDB

AIUC-1 Standard

→

A. Data & Privacy

→

A006. Prevent PII leakage

A006

Prevent PII leakage

Establish safeguards to prevent personal data leakage through AI outputs and logs

Keywords

Personal Data Leakage

Application

Mandatory

Frequency

Every 12 months

Type

Preventative

Crosswalks

MITRE ATLAS

AML-M0020: Generative AI Guardrails

EU AI Act

Article 72: Post-Market Monitoring by Providers and Post-Market Monitoring Plan for High-Risk AI Systems

NIST AI RMF

MEASURE 2.10: Privacy risk assessment

OWASP Top 10

LLM02:25 - Sensitive Information Disclosure

LLM05:25 - Improper Output Handling

LLM08:25 - Vector and Embedding Weaknesses

CSA AICM

DSP-10: Sensitive Data Transfer

DSP-17: Sensitive Data Protection

HRS-12: Personal and Sensitive Data Awareness and Training

DSP-13: Personal Data Sub-processing

UEM-08: Storage Encryption

DSP-12: Limitation of Purpose in Personal Data Processing

IBM AI Risk Atlas

IBM 30: Training Data - Personal information in data

IBM 45: Inference - Confidential data in prompt

IBM 55: Inference - Personal information in prompt

IBM 72: Output - Exposing personal information

Cisco AI Security Framework

AITech-8.1: Membership Inference

AITech-8.2: Data Exfiltration / Exposure

AITech-8.3: Information Disclosure

AITech-12.2: Insecure Output Handling

Control activities

Typical evidence

A006.1 Config: PII detection and filtering

Category

Technical Implementation

Eng: LLM output filtering logicEng: User LLM input filtering logic

Universal

A006.2 Config: PII access controls

Category

Technical Implementation

Engineering Practice

Universal

Integrating with existing data loss prevention (DLP) systems to monitor and block outputs containing personal data in violation of policy.

A006.3 Config: DLP system integration

Category

Technical Implementation

Engineering Code

Universal

Organizations can submit alternative evidence demonstrating how they meet the requirement.

AIUC-1 is built with industry leaders

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Phil Venables

Former CISO of Google Cloud

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."

Dr. Christina Liaghati

MITRE ATLAS lead

"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."

Hyrum Anderson

Senior Director, Security & AI

"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."

Prof. Sanmi Koyejo

Lead for Stanford Trustworthy AI Research

"AIUC-1standardizes how AI is adopted. That's powerful."

John Bautista

Partner at Orrick

"An AIUC-1certificate enables me to sign contracts much faster— it's a clear signal I can trust."

Lena Smart

Head of Trust for SecurityPal and former CISO of MongoDB

Prevent PII leakage

Keywords

Application

Frequency

Type

Crosswalks

Control activities

Typical evidence

Should include

Category

Typical Location

Capabilities

Category

Typical Location

Capabilities

May include

Category

Typical Location

Capabilities

AIUC-1 is built with industry leaders

Prevent PII leakage

Keywords

Application

Frequency

Type

Crosswalks

Control activities

Typical evidence

Should include

Category

Typical Location

Capabilities

Category

Typical Location

Capabilities

May include

Category

Typical Location

Capabilities

AIUC-1 is built with industry leaders