Editorial notice: vettedaiagents.com is an independent editorial directory. Not affiliated with, endorsed by, or sponsored by any vendor named on this site. Vetting is editorial, not compliance certification. Verify all claims directly with vendors before purchasing. Vetting last reviewed April 2026
The AI Agent Security Standard

What Is AIUC-1? The First Security and Reliability Standard for AI Agents

AIUC-1 is the agent-specific standard that regulated buyers ask for by name. This is what it covers, who created it, who audits it, and which vendors hold it, sourced and dated.

Published by: AIUCFirst auditor: Schellman (Feb 2026)Reviewed: July 2026
AIUC-1 in one paragraph

AIUC-1 is the first comprehensive security, safety, and reliability standard built specifically for AI agents. Published by the Artificial Intelligence Underwriting Company (AIUC), it comprises 51 requirements and 130 controls (65 mandatory, 65 optional) across six risk pillars. A vendor is certified after an independent third-party audit, and certified agents are re-tested quarterly against thousands of adversarial scenarios rather than assessed once. It operationalizes existing frameworks, including ISO 42001, NIST AI RMF, MITRE ATLAS, and the OWASP Top 10, into a single agent-specific certification.

51
Requirements
130
Controls (65 mandatory)
6
Risk pillars
Quarterly
Re-testing cadence

Who created AIUC-1

AIUC, the Artificial Intelligence Underwriting Company, launched from stealth in July 2025 with a 15 million dollar seed round led by Nat Friedman at NFDG, with participation from Emergence, Terrain, and angels including Anthropic co-founder Ben Mann and former chief information security officers at Google Cloud and MongoDB. Its three co-founders are Rune Kvist (CEO), an early product and go-to-market hire at Anthropic; Brandon Wang, a Thiel Fellow who previously built a consumer underwriting business; and Rajiv Dattani, a former McKinsey partner and former COO of METR.

The company's model is unusual: it pairs the AIUC-1 audit and certification with actual insurance for AI agents, so the cost and availability of coverage are tied directly to audit results. Safer, better-audited systems earn better insurance terms. The certification is the evidence layer; the insurance is the financial backstop for enterprises deploying agents.

The AIUC-1 standard itself was developed with input from the Cloud Security Alliance, MITRE, and the law firm Orrick, and it draws on the founding team's background in frontier AI safety and insurance underwriting. It is maintained as a living standard, with periodic refreshes that add controls for emerging risks such as agent identity and Model Context Protocol (MCP) security.

The six risk pillars

The 51 requirements are organised into six pillars. Of the 130 controls beneath them, 65 are mandatory for certification and 65 are optional strengthening controls.

#1
Security
Prompt-injection defence, adversarial robustness, and prevention of unauthorised agent actions.
#2
Safety
Harmful-output prevention, pre-deployment testing, and a documented risk taxonomy.
#3
Reliability
Hallucination prevention and restrictions on unsafe tool calls.
#4
Accountability
AI failure-response plans, vendor due diligence, and clear AI disclosure.
#5
Data & Privacy
PII leakage prevention, cross-customer data isolation, and IP protection.
#6
Society
Guardrails against AI-enabled cyber attacks and CBRN misuse.

What it operationalizes

AIUC-1 does not replace existing frameworks. It turns their principles into testable, agent-specific controls and publishes crosswalks so buyers can trace coverage back to standards they already use.

ISO 42001
AI management-system standard operationalized into testable controls.
NIST AI RMF
US AI Risk Management Framework functions mapped to requirements.
MITRE ATLAS
Adversarial AI threat patterns turned into security tests.
OWASP Top 10
Published crosswalk to the OWASP Top 10 for Agentic Applications.

How certification works, and who holds it

Schellman, an established security and compliance assessor, became the first accredited auditor for AIUC-1 in February 2026. AIUC runs the technical evaluation and issues the certificate; Schellman provides independent audit evidence collection, detailed reporting, and certification guidance. The assessment runs an agent through thousands of adversarial scenarios derived from real incidents, and certified agents are re-tested quarterly rather than certified once at a point in time. That continuous cadence is the feature buyers in regulated procurement care about most.

Adoption is still early. Intercom announced AIUC-1 certification for its Fin agent in December 2025, one of the first companies to hold the standard. UiPath certified in March 2026, the first enterprise automation platform to do so, after subjecting its agentic systems to more than 2,000 technical evaluations; UiPath is also a founding technical contributor to the standard.

In this directory, Intercom Fin is currently the only listed vendor to hold AIUC-1, which is why we track it as an emerging criterion alongside ISO 42001 rather than a baseline requirement. See how every vendor scores against our seven criteria in the vendor matrix, and read how the certifications feed into our bar on the vetting criteria page.

Frequently Asked Questions

What is AIUC-1?+
AIUC-1 is the first comprehensive security, safety, and reliability standard built specifically for AI agents. Published by the Artificial Intelligence Underwriting Company (AIUC), it comprises 51 requirements and 130 controls (65 mandatory, 65 optional) across six risk pillars: Security, Safety, Reliability, Accountability, Data and Privacy, and Society. A vendor is certified after an independent audit, and certified agents are re-tested quarterly against adversarial scenarios. It operationalizes ISO 42001, NIST AI RMF, MITRE ATLAS, and the OWASP Top 10.
Who created AIUC-1 and the Artificial Intelligence Underwriting Company?+
AIUC launched from stealth in July 2025 with a 15 million dollar seed round led by Nat Friedman at NFDG. Its co-founders are Rune Kvist (CEO, an early product and go-to-market hire at Anthropic), Brandon Wang (a Thiel Fellow who previously founded a consumer underwriting business), and Rajiv Dattani (a former McKinsey partner and former COO of METR). The company pairs the AIUC-1 audit with insurance for AI agents, tying coverage terms to audit results. The standard was developed with input from the Cloud Security Alliance, MITRE, and law firm Orrick.
Who audits and certifies AIUC-1?+
Schellman became the first accredited auditor for AIUC-1 in February 2026. AIUC conducts the technical evaluation and issues certification while Schellman provides independent audit evidence collection, reporting, and guidance. Certification involves thousands of adversarial test scenarios, and certified agents are re-tested quarterly to confirm ongoing compliance.
Which AI agent vendors hold AIUC-1 certification?+
Adoption is early. Intercom announced AIUC-1 certification for its Fin agent in December 2025, one of the first companies to hold it. UiPath achieved AIUC-1 certification in March 2026, the first enterprise automation platform to certify, after more than 2,000 technical evaluations. In this directory, Intercom Fin is currently the only listed vendor to hold AIUC-1.
What is the difference between AIUC-1 and ISO 42001?+
ISO 42001 is a management-system standard that governs how an organisation manages AI risk at the organisational level. AIUC-1 is agent-specific and technical: it tests whether a particular AI agent is secure and reliable under adversarial conditions, across 51 requirements and 130 controls. ISO 42001 is about the management system around AI; AIUC-1 is about the behaviour of the agent itself. They are complementary, and a vendor can hold both.
Read the full 7-criterion vetting framework →

Sources

  • aiuc.com - Artificial Intelligence Underwriting Company (standard and insurance)
  • aiuc-1.com/crosswalks - AIUC-1 framework crosswalks (ISO 42001, NIST AI RMF, MITRE ATLAS, OWASP)
  • schellman.com - Schellman becomes first accredited AIUC-1 auditor (Feb 2026)
  • intercom.com - Intercom Fin AIUC-1 certification (Dec 2025)
  • uipath.com - UiPath AIUC-1 certification (Mar 2026)

Editorial explainer, reviewed July 2026. Not a compliance certification; verify current certification status directly with each vendor and with AIUC before purchase. Full source index at /sources.