New certifications start as claims and earn credibility through cycles of scrutiny. AIUC-1, a compliance framework for AI agent vendors, is at that starting point. How its structure, governance, and market acceptance hold up will decide what the certificate is worth.
AIUC-1 is a new compliance framework positioning itself as a “SOC 2 for AI agents”. It covers agent-specific risks such as “prompt injection” and “unauthorized AI agent actions,” which fall outside the scope of existing certifications.
As enterprise buyers start asking how their vendors handle security, AIUC-1 offers a structured answer backed by third-party audits. How much weight an AIUC-1 certificate ends up carrying depends on its structure, governance, and market acceptance. Vendors considering the certification and buyers reviewing one should understand both.
What AIUC-1 covers.
AIUC-1 was launched in 2025 by the Artificial Intelligence Underwriting Company (AIUC), a venture-backed startup. Its 50+ controls span six domains (Safety, Security, Reliability, Accountability, Data & Privacy, Society) and map to threats in MITRE ATLAS and the OWASP Top 10 for Agentic Applications. AIUC runs quarterly technical retests between annual audits, with Schellman as the first accredited auditor.
Adjacent frameworks address different concerns:
- ISO 42001 is certifiable through accredited bodies, but it targets the AI management system rather than agent behavior.
- NIST AI RMF is risk-management guidance with no direct certification path.
- NIST’s Cyber AI Profile (IR 8596), also risk-management guidance, addresses the intersection of cybersecurity and AI risk (draft released in 2025).
SOC 2 is a separate attestation that covers a vendor’s general service organization controls. Its scope doesn’t include the agent-specific risks AIUC-1 targets. The two frameworks coexist.
AIUC-1’s accreditation approach differs from its peers. ISO 42001 works through accredited certification bodies, SOC 2 is governed by the AICPA, and the NIST frameworks carry the authority of a federal standards agency. AIUC itself accredits AIUC-1’s auditors. Describing the framework as a “standard,” therefore, rests on AIUC’s own authority rather than an external accreditation body.
Three structural questions apply to AIUC-1.
Two questions familiar from SOC 2 checkbox compliance carry forward to AIUC-1:
- Scope definition: AIUC-1 doesn’t define “AI agent,” so the vendor decides what counts as one and which agent to certify. That discretion extends to tools, data flows, and deployment context.
- Auditor selection: The vendor chooses its auditor, which collects evidence and writes reports while AIUC conducts the technical testing. Auditor firms compete for repeat business, and promises of “fast and easy” have threatened SOC credibility. The same dynamic can shape how closely an AIUC-1 auditor scrutinizes evidence and documentation.
The commercial design of AIUC-1 adds a third, and the most consequential, consideration: the incentive chain.
AIUC authors the framework, runs the technical evaluations, issues the certificates, and sells the AI agent insurance that the certification enables. Accredited auditors collect evidence and write the reports. Zack Korman has argued that this vertical integration creates conflicts of interest at every step.
The closest precedent is the issuer-pays credit rating model, in which companies pay the agencies that rate them. That arrangement contributed to inflated ratings before the 2008 financial crisis. AIUC’s founders argue that their insurance business creates a counter-incentive, since losses on certified agents would hit AIUC directly.
What to do with AIUC-1 today.
If you’re evaluating a vendor that holds AIUC-1, treat the report as useful evidence that agent-specific controls were tested. As part of your review:
- Identify which agent, tools, model versions, and data flows the audit covered. Vague scope such as “the agent” without these specifics usually means the certificate won’t cover what your organization actually uses.
- Review the specific testing behind Domain C (Safety) and Domain F (Society). These controls cover judgment-based categories where documentation alone can satisfy the requirement.
- Check whether the vendor also holds ISO 42001. AIUC-1 attests to the agent itself, while ISO 42001 certifies the management system around it; without both, the governance picture is incomplete.
- Ask for evidence from the most recent quarterly retest, since the certificate reflects only the annual audit.
If you’re building an AI agent product, the clearest reason to pursue AIUC-1 would be buyers asking for it. Even without that demand, early adoption lets a vendor frame the security conversation and helps establish trust.
I’ve written about compliance certifications from SAS 70 to SOC 2. Each new certification finds its level over several cycles as auditors compete, vendors learn, and buyers sharpen their diligence. AIUC-1 is at the start of that process.