AIUC-1 is an AI controls framework designed for underwriters and auditors. It defines evidence requirements for AI system governance across four categories: Data & Privacy (A), Security (B), Reliability (D), and Accountability (E). It is used by AI insurers to assess organizational readiness and risk.
Organizations seeking AI insurance or undergoing underwriting assessments for AI systems. If an insurer or underwriter is evaluating your AI governance posture, AIUC-1 defines the evidence they expect to see.
| Framework criterion | Brigs control(s) |
|---|---|
| A001 — Data Exfiltration Prevention | AGENT_DATA_EGRESS |
| A003 — No Public Storage Exposure | NO_PUBLIC_STORAGE |
| B001 — Dependency CVE Hygiene | DEPENDENCY_CVE_HYGIENE |
| B007 — Least Privilege Enforcement | AGENT_LEAST_PRIVILEGE |
| D003 — Tool & Action Governance | AGENT_TOOL_ALLOWLISTAGENT_ACTION_GATING |
| E005 — Audit Trail Requirements | AGENT_AUDIT_LOGGING |
AIUC-1 is an AI controls framework developed by the AI Underwriting Consortium. It defines evidence requirements across Data & Privacy, Security, Reliability, and Accountability categories that underwriters and auditors use to assess AI system governance.
AIUC-1 is used by AI insurers and underwriters to evaluate the governance posture of organizations deploying AI systems. If your organization is seeking AI insurance coverage, AIUC-1 defines the controls evidence your underwriter will request.
Brigs maps controls to all four AIUC-1 categories: data exfiltration prevention (A001), public storage exposure (A003), dependency CVE hygiene (B001), least privilege (B007), tool governance (D003), and audit logging (E005). Each control generates the evidence artifacts underwriters expect.
Connect your repositories and get automated AIUC-1 control evaluation in minutes.
Get Started Free