Independent AI Agent Certification

The SOC 2 for AI Agents

The authoritative third-party certification standard covering security, capability, data handling, compliance, and governance — independently verified by certified auditors.

24 Certified Agents
5 Trust Dimensions
12 Certified Auditors
Independently audited · Valid 1 year · Revocable
The Framework

5 Dimensions of Agent Trust

Every AATCS certification evaluates agents across five independent dimensions. Agents must meet minimum thresholds across all dimensions — a high score in one area cannot compensate for a failure in another.

Dimension 1

Security Audit

Weight: 25%
  • Prompt injection & jailbreak resistance
  • Data encryption in transit & at rest
  • Authentication & authorization controls
  • Tamper-evident audit logging
  • Supply chain vulnerability assessment

Security audit evaluates the agent's resistance to adversarial inputs, the robustness of its data protection mechanisms, and the completeness of its audit trail. Auditors conduct red-team exercises against the agent and review its infrastructure architecture.

Score Distribution: Avg 4.2 / 5
Dimension 2

Capability Verification

Weight: 20%
  • Task completion on standardized test suite
  • Domain-specific benchmark performance
  • Failure mode documentation quality
  • Cost & latency consistency under load

Capability verification independently tests whether the agent can perform the tasks it claims. Based on the Agent Capability Breathalyzer framework (AATCS-107), auditors run agents through standardized task sets and compare outputs against documented capability claims.

Score Distribution: Avg 3.9 / 5
Dimension 3

Data Handling & Privacy

Weight: 25%
  • PII detection, masking & protection
  • Data retention policies & enforcement
  • Data lineage & provenance tracking
  • GDPR/CCPA right-to-deletion compliance
  • Consent management implementation

Data handling assessment verifies that agents correctly identify, protect, and manage data throughout its lifecycle. Auditors test PII detection accuracy, verify data retention configurations, and confirm that deletion requests are properly honored.

Score Distribution: Avg 4.0 / 5
Dimension 4

Operational Compliance

Weight: 20%
  • Decision auditability & explainability
  • Bias & fairness output testing
  • Escalation policy enforcement
  • Rollback & recovery procedures

Operational compliance evaluates whether the agent operates within defined boundaries and can explain its decisions. Auditors test decision audit logs, run bias testing suites, verify human escalation triggers, and confirm rollback capabilities.

Score Distribution: Avg 3.7 / 5
Dimension 5

Organizational Governance

Weight: 10%
  • Vendor AI governance practices
  • Agent version control & change management
  • Model card & incident response plan
  • Business continuity provisions

Organizational governance reviews the vendor's practices around AI oversight, incident response, and business continuity. Auditors examine model cards, human-in-the-loop policies, and what happens to agent operations if the vendor fails.

Score Distribution: Avg 4.4 / 5
Download Full Framework (PDF) Full AATCS Standard v1.0 — 42 pages
Certification Tiers

Audit Rubric & Grades

AATCS offers two audit tiers to serve agents at different maturity levels — from early-stage vendors seeking initial credibility to established agents requiring enterprise-grade certification.

Light Audit
2-week turnaround
$3,000 – $5,000
  • Self-assessment questionnaire
  • Spot-check by certified auditor
  • Automated security scan
  • Capability claim verification (3 tests)
  • PII handling test suite
  • Public audit summary
  • Registry listing
  • Full red-team security exercise
  • Independent auditor report
  • Procurement acceptance letter
Bronze Grade
Full Audit
4–8 week turnaround
$8,000 – $15,000
  • All Light Audit items
  • Full independent red-team exercise
  • Complete 5-dimension scoring
  • Capability benchmark suite (full)
  • Bias & fairness audit
  • Governance practice review
  • Full audit report (redacted)
  • Silver or Gold grade
  • Procurement acceptance letter
  • Marketplace badge (premium)
Silver / Gold Grade

Certification Grades

Bronze

Light audit passed. All mandatory criteria met. Minimum viable trust signal for agent marketplaces.

Req: Avg ≥ 3.0 across all dimensions, no dimension below 2.0

Silver

Full audit passed. Strong trust signal for regulated industry procurement and enterprise contracts.

Req: Avg ≥ 4.0, no dimension below 3.0, security ≥ 3.5

Gold

Full audit with distinction. Highest trust grade. Accepted as sufficient due diligence by enterprise procurement in regulated industries.

Req: Avg ≥ 4.5, no dimension below 4.0, security ≥ 4.5

Scoring Rubric — 1 to 5 Scale

Score | Rating | Criteria
5 | Exceptional | Exceeds industry standards; best-in-class practices observed
4 | Strong | Fully meets requirements; minor improvements recommended
3 | Adequate | Meets minimum requirements; some gaps identified
2 | Insufficient | Significant gaps; remediation required before certification
1 | Critical Failure | Material security or compliance issues; immediate action required

Public Registry

Certified Agent Directory

All AATCS-certified agents are listed here. Filter by certification grade, status, or search by agent and vendor name. Click any agent to view their full certification breakdown.

Agent | Vendor | Cert # | Grade | Security | Capability | Data | Compliance | Governance | Valid Until | Status

Trust Visual Identity

AATCS Certification Badges

Certified agents receive a unique badge displaying their grade, certification number, and expiration date. Badges are available in SVG and PNG formats for digital and print use.

Badge Usage Guidelines

  • Display on agent's website and marketplace listing
  • Link badge to the AATCS public registry entry
  • Minimum display size: 80×80px for digital, 1 inch for print
  • Do not alter colors or add modifications
  • Remove badge immediately upon certification expiration or revocation
Get Certified

Certification & Pricing

Join the growing network of certified AI agents trusted by enterprise procurement teams worldwide.

Individual Agent
$3,000 – $15,000
One-time certification fee
  • One agent, any tier (Light or Full audit)
  • Valid for 12 months
  • Annual recertification at 50%
  • Public registry listing
  • Digital badge (SVG + PNG)
  • Audit summary publication
Marketplace Listing
$200 – $1,000/month
Agent marketplace operators
  • AATCS badge integration API
  • Certified agent filter widgets
  • Revocation alert webhooks
  • Compliance filter integration
  • Monthly usage analytics

Enterprise Procurement

Procurement Acceptance Letter Template

Enterprise procurement teams can use this pre-written acceptance letter template to cite AATCS certification as sufficient due diligence, dramatically reducing review time for certified agents.

AI Agent Procurement Acceptance Letter Template
CONFIDENTIAL — INTERNAL USE ONLY
[COMPANY LETTERHEAD]
Date: ___________________

Re: Acceptance of AATCS Certification as Sufficient Due Diligence for AI Agent Procurement

Dear [Compliance Team / Legal Team],

This letter documents our acceptance of the AI Agent Trust Certification Standard (AATCS) as sufficient due diligence evidence for AI agent procurement evaluations.

Background

[Company Name] has identified the AATCS certification standard as an authoritative, independently verified trust signal for AI agents. The standard covers five critical dimensions:

  1. Security Audit — Prompt injection resistance, data encryption, authentication controls, audit logging, and supply chain security
  2. Capability Verification — Task completion rates, benchmark performance, failure mode documentation
  3. Data Handling & Privacy — PII protection, data retention policies, GDPR/CCPA compliance
  4. Operational Compliance — Decision auditability, bias testing, human escalation policies, rollback procedures
  5. Organizational Governance — Vendor AI governance practices, model cards, incident response, business continuity

Policy

Effective immediately, AI agents bearing a valid AATCS certification at the following grades are accepted as meeting our baseline due diligence requirements:

Certification Grade | Acceptance Level | Notes
Gold | Full acceptance | No additional security review required
Silver | Acceptance pending security review | Review limited to dimension-specific gaps
Bronze | Baseline only | Requires full internal security review

Verification

All AATCS certifications are verifiable in the public AATCS registry at aatcs.org using the certification number. Certifications expire after 12 months; renewal status can be confirmed via the registry's real-time status field.

Scope

This acceptance applies to AI agents used for: internal operations, customer-facing automation, data processing involving regulated data (PHI, PII, financial data), and decision-making with material business impact.

Agents performing high-risk autonomous actions (as defined by EU AI Act Article 6 Annex III) require additional human oversight provisions regardless of certification grade.

Sincerely,
[Procurement Officer Name]
[Title]
[Company Name]