What Is AIUC-1? The First Security and Reliability Standard for AI Agents
AIUC-1 is the agent-specific standard that regulated buyers ask for by name. This is what it covers, who created it, who audits it, and which vendors hold it, sourced and dated.
AIUC-1 is the first comprehensive security, safety, and reliability standard built specifically for AI agents. Published by the Artificial Intelligence Underwriting Company (AIUC), it comprises 51 requirements and 130 controls (65 mandatory, 65 optional) across six risk pillars. A vendor is certified after an independent third-party audit, and certified agents are re-tested quarterly against thousands of adversarial scenarios rather than assessed once. It operationalizes existing frameworks, including ISO 42001, NIST AI RMF, MITRE ATLAS, and the OWASP Top 10, into a single agent-specific certification.
Who created AIUC-1
AIUC, the Artificial Intelligence Underwriting Company, launched from stealth in July 2025 with a 15 million dollar seed round led by Nat Friedman at NFDG, with participation from Emergence, Terrain, and angels including Anthropic co-founder Ben Mann and former chief information security officers at Google Cloud and MongoDB. Its three co-founders are Rune Kvist (CEO), an early product and go-to-market hire at Anthropic; Brandon Wang, a Thiel Fellow who previously built a consumer underwriting business; and Rajiv Dattani, a former McKinsey partner and former COO of METR.
The company's model is unusual: it pairs the AIUC-1 audit and certification with actual insurance for AI agents, so the cost and availability of coverage are tied directly to audit results. Safer, better-audited systems earn better insurance terms. The certification is the evidence layer; the insurance is the financial backstop for enterprises deploying agents.
The AIUC-1 standard itself was developed with input from the Cloud Security Alliance, MITRE, and the law firm Orrick, and it draws on the founding team's background in frontier AI safety and insurance underwriting. It is maintained as a living standard, with periodic refreshes that add controls for emerging risks such as agent identity and Model Context Protocol (MCP) security.
The six risk pillars
The 51 requirements are organised into six pillars. Of the 130 controls beneath them, 65 are mandatory for certification and 65 are optional strengthening controls.
What it operationalizes
AIUC-1 does not replace existing frameworks. It turns their principles into testable, agent-specific controls and publishes crosswalks so buyers can trace coverage back to standards they already use.
How certification works, and who holds it
Schellman, an established security and compliance assessor, became the first accredited auditor for AIUC-1 in February 2026. AIUC runs the technical evaluation and issues the certificate; Schellman provides independent audit evidence collection, detailed reporting, and certification guidance. The assessment runs an agent through thousands of adversarial scenarios derived from real incidents, and certified agents are re-tested quarterly rather than certified once at a point in time. That continuous cadence is the feature buyers in regulated procurement care about most.
Adoption is still early. Intercom announced AIUC-1 certification for its Fin agent in December 2025, one of the first companies to hold the standard. UiPath certified in March 2026, the first enterprise automation platform to do so, after subjecting its agentic systems to more than 2,000 technical evaluations; UiPath is also a founding technical contributor to the standard.
In this directory, Intercom Fin is currently the only listed vendor to hold AIUC-1, which is why we track it as an emerging criterion alongside ISO 42001 rather than a baseline requirement. See how every vendor scores against our seven criteria in the vendor matrix, and read how the certifications feed into our bar on the vetting criteria page.
Sources
- aiuc.com - Artificial Intelligence Underwriting Company (standard and insurance)
- aiuc-1.com/crosswalks - AIUC-1 framework crosswalks (ISO 42001, NIST AI RMF, MITRE ATLAS, OWASP)
- schellman.com - Schellman becomes first accredited AIUC-1 auditor (Feb 2026)
- intercom.com - Intercom Fin AIUC-1 certification (Dec 2025)
- uipath.com - UiPath AIUC-1 certification (Mar 2026)
Editorial explainer, reviewed July 2026. Not a compliance certification; verify current certification status directly with each vendor and with AIUC before purchase. Full source index at /sources.