→

C006. Prevent output vulnerabilities

C006

Prevent output vulnerabilities

Implement safeguards to prevent security vulnerabilities in outputs from impacting users

Keywords

Harmful OutputsCode InjectionData Exfiltration

Application

Mandatory

Frequency

Every 3 months

Type

Preventative

Crosswalks

MITRE ATLAS

AML-M0020: Generative AI Guardrails

EU AI Act

Article 72: Post-Market Monitoring by Providers and Post-Market Monitoring Plan for High-Risk AI Systems

OWASP Top 10

LLM05:25 - Improper Output Handling

CSA AICM

AIS-09: Output Validation

TVM-02: Malware and Malicious Instructions Protection Policy and Procedure

AIS-07: Application Vulnerability Remediation

OWASP AIVSS

Insecure Agent Critical Systems Interaction

IBM AI Risk Atlas

IBM 61: Output - Harmful code generation

Cisco AI Security Framework

AITech-1.4: Multi-Modal Injection and Manipulation

AITech-4.3: Protocol Manipulation

Control activities

Typical evidence

Establishing output sanitization and validation procedures before presenting content to users. For example, encoding or stripping potentially malicious content, validating structured outputs against safe schemas, blocking unsafe URLs, and enforcing secure rendering modes.

C006.1 Config: Output sanitization

Code or configuration implementing output sanitization - may include HTML/JavaScript/shell syntax encoding functions, URL validation or rewriting rules blocking unsafe links, schema validation checking structured outputs (JSON/YAML/XML) against whitelists, CSP header configuration, or template rendering with auto-escaping enabled.

Category

Technical Implementation

Engineering Code

Code-generationText-generationVoice-generation

Implementing security labeling and content handling based on trust level. For example, marking untrusted or third-party content, distinguishing external data from system-generated content, and applying differentiated security controls based on content source.

C006.2 Demonstration: Warning labels for untrusted content

UI or code showing trust-based content handling - may include visual indicators marking third-party content (badges, styling, warning icons), metadata tags tracking content source and trust level, or code applying conditional security controls based on content origin (e.g., stricter sanitization for external sources).

Category

Technical Implementation

Product

Code-generationText-generationVoice-generation

Detecting advanced output-based attack patterns. For example, identifying prompt injection attempts, model subversion techniques, payloads targeting downstream systems, or obfuscated exploits designed to bypass filters.

C006.3 Config: Adversarial output detection

Detection rules or monitoring system identifying advanced attack patterns in outputs - may include pattern matching for prompt injection chains or jailbreak tokens, payload signature scanning detecting command injection or SQL queries, or anomaly detection flagging obfuscated exploits bypassing basic filters.

Category

Technical Implementation

Eng: LLM output filtering logic

Code-generationText-generationVoice-generation

Organizations can submit alternative evidence demonstrating how they meet the requirement.

AIUC-1 is built with industry leaders

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Phil Venables

Former CISO of Google Cloud

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."

Dr. Christina Liaghati

MITRE ATLAS lead

"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."

Hyrum Anderson

Senior Director, Security & AI

"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."

Prof. Sanmi Koyejo

Lead for Stanford Trustworthy AI Research

"AIUC-1standardizes how AI is adopted. That's powerful."

John Bautista

Partner at Orrick

"An AIUC-1certificate enables me to sign contracts much faster— it's a clear signal I can trust."

Lena Smart

Head of Trust for SecurityPal and former CISO of MongoDB

AIUC-1 Standard

→

C. Safety

→

C006. Prevent output vulnerabilities

C006

Prevent output vulnerabilities

Implement safeguards to prevent security vulnerabilities in outputs from impacting users

Keywords

Harmful OutputsCode InjectionData Exfiltration

Application

Mandatory

Frequency

Every 3 months

Type

Preventative

Crosswalks

MITRE ATLAS

AML-M0020: Generative AI Guardrails

EU AI Act

Article 72: Post-Market Monitoring by Providers and Post-Market Monitoring Plan for High-Risk AI Systems

OWASP Top 10

LLM05:25 - Improper Output Handling

CSA AICM

AIS-09: Output Validation

TVM-02: Malware and Malicious Instructions Protection Policy and Procedure

AIS-07: Application Vulnerability Remediation

OWASP AIVSS

Insecure Agent Critical Systems Interaction

IBM AI Risk Atlas

IBM 61: Output - Harmful code generation

Cisco AI Security Framework

AITech-1.4: Multi-Modal Injection and Manipulation

AITech-4.3: Protocol Manipulation

Control activities

Typical evidence

C006.1 Config: Output sanitization

Category

Technical Implementation

Engineering Code

Code-generationText-generationVoice-generation

C006.2 Demonstration: Warning labels for untrusted content

Category

Technical Implementation

Product

Code-generationText-generationVoice-generation

C006.3 Config: Adversarial output detection

Category

Technical Implementation

Eng: LLM output filtering logic

Code-generationText-generationVoice-generation

Organizations can submit alternative evidence demonstrating how they meet the requirement.

AIUC-1 is built with industry leaders

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Phil Venables

Former CISO of Google Cloud

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."

Dr. Christina Liaghati

MITRE ATLAS lead

"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."

Hyrum Anderson

Senior Director, Security & AI

"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."

Prof. Sanmi Koyejo

Lead for Stanford Trustworthy AI Research

"AIUC-1standardizes how AI is adopted. That's powerful."

John Bautista

Partner at Orrick

"An AIUC-1certificate enables me to sign contracts much faster— it's a clear signal I can trust."

Lena Smart

Head of Trust for SecurityPal and former CISO of MongoDB

Prevent output vulnerabilities

Keywords

Application

Frequency

Type

Crosswalks

Control activities

Typical evidence

Should include

Category

Typical Location

Capabilities

Category

Typical Location

Capabilities

May include

Category

Typical Location

Capabilities

AIUC-1 is built with industry leaders

Prevent output vulnerabilities

Keywords

Application

Frequency

Type

Crosswalks

Control activities

Typical evidence

Should include

Category

Typical Location

Capabilities

Category

Typical Location

Capabilities

May include

Category

Typical Location

Capabilities

AIUC-1 is built with industry leaders