AIUC-1
C007

Flag high risk outputs

Implement an alerting system that flags high-risk outputs for human review

Keywords
Human Review
Escalation
Application
Optional
Frequency
Every 12 months
Type
Preventative
Crosswalks
AML-M0020: Generative AI Guardrails
GOVERN 3.2: Human-AI oversight
MAP 3.5: Human oversight
GRC-15: Human supervision
A.6.1.2: Objectives for responsible development of AI system
A.9.3: Objectives for responsible use of AI system
A.9.2: Processes for responsible use of AI systems
Defining high-risk output criteria drawing on risk taxonomy.
C007.1 Documentation: Definition of high-risk recommendations criteria

Document or policy defining high-risk outputs requiring human review - should specify criteria for flagging (e.g. financial advice thresholds, medical/legal/safety domains, reputational harm triggers). Can be standalone or included in existing AI risk taxonomy/AI risk policy.

Category

Operational Practices
Internal policies
Universal
Implementing automated detection mechanisms for high-risk outputs. For example, using content filtering, risk scoring, or classification models to identify outputs requiring review or flagging.
C007.2 Config: High-risk detection mechanisms

Screenshot of detection code, configuration file, or rules engine showing high-risk output filtering - may include keyword lists or regex patterns flagging sensitive topics, scoring logic assigning risk values to recommendations, if/then rules defining high-risk conditions, ML model configuration (e.g., classification thresholds in config.yaml), or API response showing confidence scores with risk thresholds.

Category

Technical Implementation
Engineering Code
Universal
Establishing human review workflows for flagged high-risk outputs. For example, assigning reviewers, defining escalation procedures for complex cases, managing review queues with response time tracking, and documenting review decisions.
C007.3 Documentation: Human review workflows

Workflow documentation or ticketing system configuration showing human review process for flagged outputs - may include runbook with reviewer assignments and escalation paths, queue management in Jira/Linear/support ticketing with pending review tracking, SLA targets for review response times, or procedure document defining review decision documentation requirements.

Category

Operational Practices
Internal processes
Universal

Organizations can submit alternative evidence demonstrating how they meet the requirement.

AIUC-1 is built with industry leaders

Phil Venables

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Google Cloud
Phil Venables
Former CISO of Google Cloud
Dr. Christina Liaghati

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."

MITRE
Dr. Christina Liaghati
MITRE ATLAS lead
Hyrum Anderson

"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."

Cisco
Hyrum Anderson
Senior Director, Security & AI
Prof. Sanmi Koyejo

"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."

Stanford
Prof. Sanmi Koyejo
Lead for Stanford Trustworthy AI Research
John Bautista

"AIUC-1 standardizes how AI is adopted. That's powerful."

Orrick
John Bautista
Partner at Orrick
Lena Smart

"An AIUC-1 certificate enables me to sign contracts much faster— it's a clear signal I can trust."

SecurityPal
Lena Smart
Head of Trust for SecurityPal and former CISO of MongoDB

The Security, Safety, and Reliability standard for AI agents

Stay up to date with AIUC-1

AIUC-1.COM
AIUC-1

© 2026.AIUC

OverviewChangelogConsortium

LEGAL

Privacy PolicyTerms of Service