AIUC-1 is the emerging trust standard for AI agents — six domains, 48 controls, accredited auditors. Get a free readiness score in ~10 minutes: where you stand across all six domains, your top gaps to close, and ISO 42001 / EU AI Act / NIST mapped along the way. No card, no sales call.
A Data & PrivacyB SecurityC SafetyD ReliabilityE AccountabilityF Society
Readiness, not certification. Cognita gets you audit-ready and hands you the evidence pack — it is not an accredited AIUC-1 auditor and does not perform the independent third-party evaluations the standard requires.
0 / 8 answered
1Do you have documented policies for the data your agent can read and what it's allowed to output — including PII, IP, and keeping customers' data separate?
2Can your agent only take actions and reach data the user is authorized for (least privilege), and is its output scoped to what's needed?
3Do you screen inputs for adversarial / injection attempts, rate-limit the endpoint, keep system prompts private, and harden the deployment environment?
4Have you defined your agent's risk categories and tested — before deploying — that it won't produce harmful, out-of-scope, or customer-defined high-risk outputs?
5Are high-risk outputs flagged for a human, and can an operator step in (pause / override / stop) while the agent is running?
6Do you have controls against hallucinations (grounding / retrieval) and unsafe tool calls (allow-listed tools, validated arguments)?
7Is agent activity logged in a traceable record, with a named accountable owner, incident/failure plans, vendor due diligence, and documented data storage + compliance?
8Do you tell users they're interacting with an AI, document an acceptable-use + transparency policy, and consider misuse (cyber / catastrophic) risks?
Free · no card · ~10 minutes · your answers stay in your browser until you share
When the free score isn't enough
The free score is a preliminary, self-asserted estimate. When a buyer's security review needs more, these are the evidence-anchored rungs — still readiness preparation, never certification.
AIUC-1 Readiness Report
$997 one-time
The full evidence-anchored AIUC-1 readiness report — all six domains scored control-by-control, every self-attestable control mapped to your evidence, the third-party-eval controls flagged, and a prioritized gap-remediation plan. Readiness preparation, not certification.
All six AIUC-1 domains scored control-by-control (the free wedge is a preliminary 8-question estimate)
Evidence-anchored — every self-attestable control tied to the records in your tamper-evident ledger
Third-party-eval controls flagged honestly — what an accredited auditor (e.g. Schellman) must test, never self-attested into the score
Crosswalk export — ISO 42001 / EU AI Act / NIST AI RMF / OWASP LLM + Agentic coverage from your actual controls
Prioritized gap-remediation plan with one-line fixes per gap
Stay sellable. AIUC-1 re-tests quarterly, so we re-score your agents on that cadence, monitor for drift, and alert you when a control regresses — your readiness report stays current for the next buyer security review.
Quarterly re-score on the AIUC-1 re-test cadence — your readiness never goes stale
Drift alerts — flagged when a control regresses or a new agent ships unassessed
Up to 3 agents under continuous readiness (the SCALE seat floor; per-agent expansion as you grow)
Always-current report + badge for the next buyer security review
Everything in the one-time Readiness Report, refreshed each quarter