AIUC-1 Protocol

Categories

A. Safety

B. Security

Safeguard tool calls

Secure AI infrastructure

Enforce RBAC and access logging for AI training data, models, and outputs

Require MFA for access to AI model management systems

Detect anomalous API usage patterns

Assess AI systems for unauthorized access risks

C. Privacy

D. Governance

E. Efficacy

F. Society

Control #

B

2

.

4

Assess AI systems for unauthorized access risks

Include AI infrastructure in broader security assessments such as penetration tests or access reviews. Focus on identifying unintended exposure of AI models, data, or tooling through misconfiguration, over-permissioning, or insecure interfaces.

Evidence

Penetration test report that lists AI endpoints

Results of automated vulnerability scans for AI infrastructure

Verification of cloud IAM policies

Recommended actions

We'll recommend specific practices and actions for complying with this control.

Provide feedback on this control