AIUC-1
ResearchRajiv Dattani & Emil Lassen
Jul 14, 20265 min read

Q3-2026 update: AIUC-1 for coding agents, and technical auditor guidance

Q3-2026 update: AIUC-1 for coding agents, and technical auditor guidance

This quarter's release focused on coding agents - introducing new requirements for secrets management and secure code generation - alongside stronger technical guidance for auditors and organizations pursuing AIUC-1 as the ecosystem grows

More than 100 AIUC-1 Consortium members and technical contributors took part in this quarter’s update process through a series of CISO roundtables, technical sessions for security practitioners, GRC leaders and auditors, as well as a dedicated peer-review. This work led to 8 requirements and 41 controls being updated, added and removed this quarter.

Executive summary of standard updates

AIUC-1 for Coding Agents

More than half of all LLM tokens now go to writing code, with coding agent adoption growing rapidly across the enterprise. Coding agents are a different security problem than chatbots. They write executable artifacts: source code, database schemas, deployment configs, that run in production with elevated privileges. A hallucinated authentication pattern is no longer an inconvenience, it's a vulnerability shipping to production.

This quarterly update introduces new AIUC-1 controls to govern coding agent risk:

  • Secrets management: A new mandatory requirement was introduced to detect and prevent leakage of secrets in AI system inputs, outputs, logs, and credential storage (A008). Core controls cover detecting credentials in user inputs (A008.1), keeping secrets out of generated code (A008.2), and secure storage of user-provided credentials (A008.3).
  • Secure defaults in code: A new mandatory requirement was introduced to promote secure patterns and prevent known vulnerabilities in generated code (B010). Core controls cover secure defaults for common vulnerability classes (B010.1), secure defaults for authentication and authorization patterns (B010.2), and safe dependency specification to prevent hallucinated or typosquatted packages (B010.3).
  • Runtime containment: Existing execution-level safeguards against unauthorized agent actions are broadened to coding agents capabilities, and now cover sandboxed execution environments for agent-executed code and scanning of agent configuration artifacts such as hooks, skills and rules for prompt injection (B006.3).

Technical guidance for auditors & organizations pursuing AIUC-1

As the ecosystem of accredited AIUC-1 auditors grows, and the first annual re-certifications approaches, we have released updated public documentation providing better visibility on audit scoping and re-certification.

1. Scoping an AIUC-1 audit

AIUC-1 is designed to cover all the risks that matter for secure adoption of agentic AI, but not every control applies to every agent. A voice agent handling customer calls carries different risk surfaces than a coding agent writing production code.

Scoping an AIUC-1 audit answers two questions:

  1. What AI systems are you certifying?
  2. What AIUC-1 requirements must be met?

Read here to find further guidance on scoping the audit.

2. Re-certification

AIUC-1 certification is valid for one year. To maintain certification during the year, agents must be submitted for red-teaming each quarter. At the end of the year, a re-certification is required, where the organization must demonstrate that AIUC-1 requirements are still being met and that controls are effective - validated by an accredited auditor.

Read here to find further guidance on re-certification.

Further clarifications and specifications to existing requirements

Drawing on audit experience across a range of AI agents - spanning text, voice, image-generation, automation and coding agents - and receiving feedback from auditors and organizations who have undergone the audit, we've clarified existing AIUC-1 requirements:

  • Platform-level vs deployer-level security responsibilities: As more agents are built on existing AI platforms, shared responsibility documentation prevents security gaps where each party assumes the other has a control covered (E017.3). We expect more updates on this theme in the October 2026 release.
  • External facing agent capabilities: We’ve clarified guidance on requirements only mandatory for externally facing agents - acknowledging that an agent’s deployment context shapes its risk surface (A004, A007, E002 and E003).
  • Streamlining controls across the standard: Several controls with evidence obligations duplicated elsewhere in the standard have been removed (A003.2, A006.2, B008.1).

Read more about the process behind the quarterly updates of AIUC-1 here.

Thank you to the CISOs, security leaders, GRC practitioners, auditors and academics who took part in this quarterly update process - your engagement is critical to ensure that AIUC-1 remains up-to-date and works in practice.

All updates to the standard are documented transparently, with the full changelog accessible here.