AIUC-1: The First Compliance Framework for AI Agents w/ Rajiv from AIUC and Danny from Schellman

Mar 5, 2026

Rajiv Dattani, co-founder of AIUC and former McKinsey partner focused on AI safety and insurance, and Danny Manimbo, longtime Schellman practitioner and ISO lead in security and compliance, discuss AIUC-1. They cover the six pillars (data, security, safety, reliability, accountability, societal risks). They explain thousands of adversarial simulations, a 100-page audit report plus certification, quarterly updates, and how insurance at Lloyd's aligns incentives.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ADVICE

Use The 100 Page Report To Speed Vendor Reviews

Expect a detailed external deliverable: certification plus a ~100-page technical report you can share with buyers.
Danny said the report replaces roughly 70% of vendor-questionnaire back-and-forth during procurement.

INSIGHT

Three Evidence Streams And Thousands Of Tests

AIUC-1 testing combines three evidence types: adversarial technical testing, technical control review, and policy checks.
They replay real-world incidents and research attacks, running thousands of adversarial simulations to evaluate behavior.

INSIGHT

Insurance Drives Practical Risk Controls

AIUC-1 is explicitly designed to feed insurers synthetic loss and simulation data so insurers can price AI risk.
Rajiv traced the idea to historical insurance-driven safety improvements like building codes and airbags.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Every compliance framework you know was built for deterministic systems. AI agents are not deterministic. That's why AIUC-1 was born.In this episode, I sit down with Danny from Schellman and Rajiv Dattani, co-founder of AIUC, to break down the first compliance framework purpose-built for AI agents. We cover the six pillars (data & privacy, security, safety, reliability, accountability, societal risks), how the technical testing works with thousands of adversarial simulations, and why tying it to insurance through Lloyd's of London changes the incentive structure for the entire audit market.Key takeaways:- AIUC-1 bridges the gap between governance frameworks (ISO 42001) and technical testing- You can't commoditize it: you either pass thousands of adversarial scans or you don't- Quarterly updates keep the framework current with the fast-moving AI threat landscape- Insurance-backed testing means the tester has skin in the game- The 100-page audit report replaces ~70% of your vendor questionnaire back-and-forth- Three evidence types: adversarial testing, technical controls (code review), and policies- Internal agents emphasize security/data privacy; external agents emphasize safety---CHAPTERS:00:00 Introduction & Guest Intros01:55 Why a New Framework for AI Agents?04:06 Why Schellman Partnered with AIUC08:06 Quarterly Updates & The Consortium Model09:29 The Five Principles Driving AIUC-111:36 The Six Pillars: Data, Security, Safety, Reliability, Accountability, Societal12:38 What You Get: 100-Page Report + Certification14:22 How Testing Works: Thousands of Adversarial Simulations16:12 Testing Stochastic Systems: The Entropy Problem17:05 The Insurance Innovation: From Benjamin Franklin to AI Safety20:39 Lloyd's of London & Synthetic Loss Data21:36 Aligning Incentives Through Insurance23:56 How Enterprises Use AIUC-1: Buyers vs Builders26:06 Deterministic vs Stochastic: The Compliance Challenge29:05 SOC 2 vs ISO 42001 vs AIUC-1 Positioning30:51 Threat Modeling Meets Compliance35:10 Traditional Security Controls & AI-Specific Risks38:11 GRC Engineering & Agentic Auditing42:18 The Hardest Challenge: Articulating Technical Testing44:46 Closing Thoughts------CONNECT WITH GRC ENGINEER:Newsletter: https://grcengineer.com/subscribeLinkedIn: https://linkedin.com/in/ayoubfandiWebsite: https://grcengineer.comCONNECT WITH DANNY:LinkedIn: https://www.linkedin.com/in/danny-manimbo-2b199718/CONNECT WITH RAJIV DATTANI:LinkedIn: https://linkedin.com/in/rajivdattani---#GRC #cybersecurity #compliance #AIagents #AIUC1 #ISO42001 #GRCEngineering