AIUC-1
AIUC-1 mapping for runtime governance evidence.
TrustScope maps runtime controls to all six AIUC-1 domains and clearly distinguishes ready evidence, partial coverage, and customer-owned obligations.
Last verified mapping date: February 19, 2026
Strong coverage across all 6 domains. Gaps clearly labeled below.
| Domain | Evidence Quality | Key Engines | Notes |
|---|---|---|---|
| A. Data & Privacy | Strong | pii_scanner, secrets_scanner, pii_confidence | Policy docs are customer-authored; TrustScope proves enforcement. |
| B. Security | Strong | prompt_injection_ai, jailbreak_ai, command_firewall | B001 requires third-party adversarial testing (partial). |
| C. Safety | Strong | toxicity_filter, hallucination_detector, hate_speech_detector | C003 bias coverage via toxicity + hate speech (per-trace) and Agent DNA fairness strand (aggregate). C010-C012 require external testing (partial). |
| D. Reliability | Good | loop_killer, velocity_monitor, error_rate | D002/D004 are third-party testing controls (partial). |
| E. Accountability | Strong | evidence_signer, hash_chain, audit_export | Failure-plan docs are customer-authored but evidence-backed. |
| F. Cyber Misuse | Strong | command_firewall, secrets_scanner, prompt_injection_ai | CBRN and misuse prevention via security engines. |
Critical gaps (external testing requirement)
- B001 third-party adversarial robustness testing
- C010 third-party harmful output testing
- C011 third-party out-of-scope output testing
- C012 third-party customer-defined risk testing
- D002 third-party hallucination testing
- D004 third-party tool-call reliability testing
These are not product failures. AIUC-1 requires accredited third-party testing engagements. TrustScope provides the audit trail those assessors review.
Evidence, not compliance determination
TrustScope provides governance evidence, not compliance determinations. Final certification decisions are made by qualified assessors.
Run AIUC-1 readiness on real traces.
Includes explicit ready / partial / gap labeling.