Cloud Security Alliance adds AIUC-1 to STAR Registry
Fri, 3rd Jul 2026 (Today)
Cloud Security Alliance has added AIUC-1 certification recognition to its STAR Registry, extending the registry's AI assurance coverage to AI agents.
Organisations listed on the Security, Trust, Assurance and Risk Registry that also hold AIUC-1 certification can now add the AIUC-1 AI Agent Trustmark to their listing. The designation is intended to help companies identify providers whose AI agents have undergone third-party assessment against the AIUC-1 standard.
The change brings agentic AI into a registry already used to document security and privacy controls for cloud computing and AI services. STAR and STAR for AI are structured around transparency, auditing, and alignment with the Cloud Controls Matrix and AI Controls Matrix.
The addition responds to rising demand for verifiable assurance around autonomous AI systems. The organisation has already expanded the registry to accept ISO/IEC 42001 certifications for AI management systems, and this latest step adds a layer aimed specifically at AI agents.
Under the arrangement, AIUC-1 certification includes independent validation of an AI agent through quarterly red-teaming, alongside a review of an organisation's AI safety and governance practices. AIUC describes AIUC-1 as a standard covering AI agent security, safety, reliability, data privacy, accountability, and societal impact.
The framework is intended to give buyers a clearer signal when assessing external AI providers. Businesses are under pressure to review how AI systems make decisions, handle sensitive data, and automate operational tasks, particularly when those systems act with a high degree of autonomy.
Jim Reavis, chief executive officer and co-founder of Cloud Security Alliance, outlined the rationale for the move.
"As organizations increasingly rely on AI agents to make decisions, access sensitive data, and automate critical business processes, they need a clear way to identify providers that have demonstrated a commitment to responsible AI agent development and governance, through the third-party validation of secure technical and effective operational controls," Reavis said.
"By recognizing AIUC-1 certified organizations within the STAR Registry, CSA is creating a trusted resource for companies to identify partners that have independently validated their approach to secure, transparent, and trustworthy AI."
Registry role
The STAR Registry is publicly accessible and used by organisations to disclose security and compliance information to customers and prospective customers. Listings can show which regulations, standards, and frameworks a provider says it follows, giving procurement teams and risk specialists a single place to review a supplier's stated controls.
For vendors of AI systems, a separate marker for AI agents could become more relevant as buyers seek more specific forms of assurance than broad cyber or cloud certifications provide. Agentic AI systems are drawing more scrutiny because they can initiate actions, interact with business systems, and process large volumes of confidential information.
According to the organisations, AIUC-1 certification is achieved through quarterly red-teaming and an annual review of operational, legal, and technical controls. The standard was developed through the AIUC-1 Consortium with technical contributors including Stanford, MIT, Orrick, MITRE, Cloud Security Alliance, Google Cloud, Cisco, and MongoDB.
Assurance market
The collaboration also reflects the emergence of a market for AI assurance products as companies move from experimentation to wider deployment. Boards, regulators, and enterprise customers are asking for evidence that AI systems are governed and tested in a repeatable way, especially when they are used in high-impact settings.
Rather than creating a new public directory, CSA has incorporated the certification into an existing registry already used in cloud and AI procurement. That gives AIUC-1 certified organisations a way to display the trustmark alongside other compliance information already visible to customers.
Emil Bender Lassen, standards lead at AIUC, said the aim was to simplify how organisations communicate that work.
"As organizations increasingly depend on AI agents to power critical business functions, trust must be built on independently validated controls," Lassen said.
"By bringing together AIUC-1's rigorous certification standard with the industry-leading visibility and credibility of the CSA STAR Registry, we're creating a clearer and more efficient path for organizations to showcase their commitment to building responsible and secure AI. This collaboration helps reduce complexity, promotes consistency across assurance frameworks, and ultimately gives customers, regulators, and business partners greater confidence in the AI systems they rely on."