AIUC-1
B008

Protect model deployment environment

Implement security measures for AI model deployment environments including encryption, access controls and authorization

Keywords: Model Environment, Encryption, Access Controls
Application: Mandatory
Frequency: Every 12 months
Type: Preventative
Crosswalks
AML-M0005: Control Access to AI Models and Data at Rest
AML-M0012: Encrypt Sensitive Information
AML-M0019: Control Access to AI Models and Data in Production
Article 15: Accuracy Robustness and Cybersecurity
LLM07:25 - System Prompt Leakage
AIS-06: Secure Application Deployment
AIS-14: AI Cache Protection
CEK-01: Encryption and Key Management Policy and Procedures
CEK-03: Data Encryption
CEK-04: Encryption Algorithm
CEK-19: Key Compromise
CEK-10: Key Generation
CEK-11: Key Purpose
CEK-12: Key Rotation
CEK-13: Key Revocation
CEK-14: Key Destruction
CEK-15: Key Activation
CEK-16: Key Suspension
CEK-17: Key Deactivation
CEK-18: Key Archival
CEK-20: Key Recovery
CEK-21: Key Inventory Management
IAM-04: Separation of Duties
IAM-14: Strong Authentication
MDS-01: Training Pipeline Security
MDS-02: Model Artifact Scanning
MDS-08: Model Integrity Checks
UEM-08: Storage Encryption
AIS-02: Application Security Baseline Requirements
DSP-07: Data Protection by Design and Default
MDS-09: Model Signing/Ownership Verification
Implementing model access protection. For example, restricting access to production AI models based on job function and operational need, implementing MFA for model system access, maintaining user access reviews appropriate to organizational size.
B008.1 Config: Model access controls

Screenshot of IAM configuration, permission settings, or admin panel showing role-based access restrictions for production AI models covering IAM role assignments restricting model access by job function, MFA configuration for model system access, and access review records validating model permissions.

Engineering Code, Internal processes
Universal
Establishing deployment security controls. For example, applying scoped API tokens or signed requests, using TLS for all endpoint traffic, implementing schema validation to protect model APIs from malformed or adversarial input.
B008.2 Config: API deployment security

Screenshot of API security configuration for model endpoints - may include scoped API token implementation, TLS/HTTPS certificate configuration for model API traffic, or schema validation code protecting model APIs from malformed or adversarial input.

Engineering Code
Universal
Securing model hosting environments. For example, using up-to-date and minimal container images, scanning for known vulnerabilities in dependencies and base images, and applying infrastructure-level isolation techniques based on risk level (e.g. container namespaces, VM separation, or dedicated GPU access).
B008.3 Config: Model hosting security

Screenshot of container configuration or infrastructure setup for model hosting - may include Dockerfile with minimal base images and up-to-date dependencies, vulnerability scanning results from Trivy or Snyk for container images, or infrastructure configuration showing isolation techniques (container namespaces, VM separation, network policies, dedicated GPU allocation).

Engineering Code
Universal
Verifying model integrity before and during deployment. For example, using cryptographic checksums or signed artifacts to detect tampering, scanning model files for malicious payloads.
B008.4 Config: Model integrity verification

Screenshot of deployment pipeline or code implementing model integrity checks - may include cryptographic checksum verification, model artifact signature validation, hash comparison before deployment, model scanning configuration detecting malicious payloads (e.g. Pickle, ONNX) using tools like Cisco's pickle-fuzzer or Trail of Bits' Fickling, or deployment logs recording model version hashes.

Engineering Code
Universal
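As an added illustration of the integrity gate described in B008.4 (example code written for this page, not AIUC-1 material): the deployer authenticates an HMAC-signed manifest, compares the artifact's SHA-256 against it, and scans the pickle opcode stream without loading the file. The manifest format, the HMAC signing scheme standing in for a real artifact-signing system, and the sample artifacts are all assumptions.

```python
import hashlib, hmac, io, json, pickle, pickletools
from collections import OrderedDict

# Opcodes that let a pickle import or call objects while loading; a pure-data
# artifact (dicts, lists, numbers, strings) never needs them.
UNSAFE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                  "NEWOBJ", "NEWOBJ_EX", "BUILD"}

def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC-SHA256 over canonical JSON (assumed stand-in for a real signing scheme)."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def make_manifest(blob: bytes, name: str, version: str) -> dict:
    """Record the artifact hash at publish time; the deployer re-derives it later."""
    return {"name": name, "version": version, "sha256": hashlib.sha256(blob).hexdigest()}

def scan_pickle(blob: bytes) -> list:
    """List unsafe opcodes in the stream without executing it (pickletools only parses)."""
    try:
        ops = {op.name for op, _, _ in pickletools.genops(io.BytesIO(blob))}
    except Exception as exc:            # truncated or malformed stream: treat as unsafe
        return ["MALFORMED:" + type(exc).__name__]
    return sorted(ops & UNSAFE_OPCODES)

def verify_artifact(blob: bytes, manifest: dict, signature: str, key: bytes) -> tuple:
    """Return (ok, reason). Authenticate the manifest first, only then trust its hash."""
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False, "manifest signature mismatch"
    if not hmac.compare_digest(hashlib.sha256(blob).hexdigest(), manifest["sha256"]):
        return False, "artifact hash does not match manifest"
    found = scan_pickle(blob)
    if found:
        return False, "unsafe pickle opcodes: " + ", ".join(found)
    return True, "ok"

# Constructed samples (not real artifacts); DEPLOY_KEY is a placeholder value.
DEPLOY_KEY = b"placeholder-deploy-signing-key"
GOOD_BLOB = pickle.dumps({"layer0": [0.1, -0.2, 0.3], "version": "1.0"}, protocol=4)
GOOD_MANIFEST = make_manifest(GOOD_BLOB, "demo-model", "1.0")
GOOD_SIG = sign_manifest(GOOD_MANIFEST, DEPLOY_KEY)
# Same shape, different weights: what a swapped or tampered file looks like.
SWAPPED_BLOB = pickle.dumps({"layer0": [9.9, -0.2, 0.3], "version": "1.0"}, protocol=4)
# Correctly signed, but the stream imports a class on load; OrderedDict is harmless,
# the scanner flags the capability rather than the intent.
IMPORT_BLOB = pickle.dumps(OrderedDict(a=1), protocol=4)
IMPORT_MANIFEST = make_manifest(IMPORT_BLOB, "demo-model", "1.1")
IMPORT_SIG = sign_manifest(IMPORT_MANIFEST, DEPLOY_KEY)
```

Run `verify_artifact` on each (blob, manifest, signature) triple before the model server loads anything; the import-capable blob is rejected even though its signature and hash are valid.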

Organizations can submit alternative evidence demonstrating how they meet the requirement.

AIUC-1 is built with industry leaders

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Phil Venables, Former CISO of Google Cloud (Google Cloud)

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."

Dr. Christina Liaghati, MITRE ATLAS lead (MITRE)

"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."

Hyrum Anderson, Senior Director, Security & AI (Cisco)

"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."

Prof. Sanmi Koyejo, Lead for Stanford Trustworthy AI Research (Stanford)

"AIUC-1 standardizes how AI is adopted. That's powerful."

John Bautista, Partner at Orrick (Orrick)

"An AIUC-1 certificate enables me to sign contracts much faster— it's a clear signal I can trust."

Lena Smart, Head of Trust for SecurityPal and former CISO of MongoDB (SecurityPal)