AIUC-1 is formally updated each quarter to ensure that the standard evolves as technology, risk, and regulation evolve. The standard is updated in collaboration with AIUC-1 Technical Contributors, the AIUC-1 Consortium and external peer-reviewers.
Focus areas for this quarterly update
The goal of this update is to unlock:
More consistent application of AIUC-1 - ensuring the same standard is met by all accredited auditors.
Easier readiness assessment for AI builders and adopters - organizations can now download a spreadsheet version to assess controls they have already implemented and identify gaps.
Integration of recent advances in AI security - from real world incidents and AI security research.
In practice this means:
Implementing latest best practice: 26 AIUC-1 requirements have been updated to integrate, e.g., stronger PII protection in logs, threat modelling in pre-deployment testing, multimodal coverage of AI labelling, pickle-file security tools, and more.
Detailing evidence requirements for controls: Control activities are now labeled individually and typical evidence required to meet the control is published. Evidence falls into four categories: 1. Legal policies, 2. Technical implementation, 3. Operational practices, and 4. Third-party evals.
Detailing scoping approach and publishing scoping questionnaire: Application of AIUC-1 requirements depends on the capabilities of an AI agent - a more powerful agent (e.g. with multimodal inputs/outputs, access to tool calls, or sensitive data) must meet a higher evidence bar. A first draft of capability-specific needs is now displayed and the scoping questionnaire guides organizations in how to apply AIUC-1.
Detailing AIUC-1 certification process: More detail has been published on the certification ecosystem including information on becoming accredited as an auditor to certify against AIUC-1.
Recognizing contributors
Quarterly updates of AIUC-1 are only possible thanks to a large group of dedicated AI security leaders, academics, legal practitioners, technical testing experts, enterprise executives, and more, who contribute to setting the standard.
AIUC-1 Technical Contributors & Consortium Members
AIUC-1 quarterly updates combine feedback from three sources:
Technical feedback from AIUC-1 Technical Contributors: These include leaders from organizations such as Cisco, CoreWeave, Google Cloud, MITRE, Stanford, MIT, Orrick, Schellman, the Cloud Security Alliance, and more.
Enterprise AI adoption trends and risks from the AIUC-1 Consortium: These include executives from organizations like Salesforce, JP Morgan, HubSpot, MongoDB, Oracle, Databricks, Brex, Supabase, BP, Deutsche Börse Group, Cloudflare, and many more. See all members here.
Input from AI builders on the latest AI capabilities: These include Intercom, UiPath, Ada, Recraft, Anthropic, Google, Meta, Scale AI, Gray Swan, Virtue AI, Haize Labs, and more.
We are grateful for the many detailed contributions and high level of engagement from this group.
Tenets guiding AIUC-1 standard updates
Customer-focused: We prioritize requirements that enterprise customers demand and vendors can pragmatically meet - increasing confidence without adding unnecessary compliance.
AI-focused: We do not cover non-AI risks that are addressed in classic cybersecurity frameworks or regulations such as SOC 2, ISO 27001, or GDPR.
Insurance-enabling: We prioritize risks that lead to direct harms and financial losses.
Adapts to regulation: We update AIUC-1 to make it easier to comply with new regulations.
Adapts to AI progress: We update AIUC-1 to keep up with new capabilities, such as reasoning capabilities and new modalities.
Adapts to the threat landscape: We update AIUC-1 in response to real-world incidents.
Adapts to deployment experience: We update AIUC-1 based on real-world deployment experience and stakeholder feedback.
Predictability: We review the standard and push updates quarterly - on January 15, April 15, July 15, and October 15 of each year.
Transparency: We maintain a public changelog and share our lessons.
Backward compatibility: Existing certifications remain valid during transition periods.
We welcome feedback, ideas, suggestions, and criticism - provide input on AIUC-1 here.
Access the full changelog of this quarterly update here.