Workshop
A facilitated two-day session that frames the agent's intended behavior, its operating envelope, and the questions the assessment must answer.
§ Prospectus · HI-AAF v. 1.2 · MMXXVIFolio I · of VI
A standard for the AI agents you trust with your business.
Human Intelligence publishes HI-AAF — the assurance framework for autonomous AI agents in production. We assess, certify, and operate the human review layer that makes ongoing trust possible.
- Issued by
- Human Intelligence
- Document
- HI-AAF / Prospectus
- Edition
- v. 1.2
- Status
- Public review
Established 2025
Seattle
Singapore
Edition v.1.2
§ II · InsightFolio II · of VI
Security is not the same as trust.
An AI agent can be secure — patched, scanned, network-isolated — and still be untrustworthy. Trust is a question of behavior under uncertainty: does the agent do the right thing when the situation drifts from its training?
Does it know when to escalate? Does it improve? Security frameworks were written for code, not for systems that make judgments.
Trust requires a different standard — one written for behavior, not for binaries; one that does not end at deployment but persists through every interaction the agent has with a real customer.
Compliance frameworks have always followed the technologies they govern. SOC 2 followed cloud. HI-AAF follows agents.
§ III · The FrameworkFolio III · of VI
The Agent Assurance Framework, in 9 domains.
Table III.1 · HI-AAF Domains · v.1.294 controls · 9 domains · 5-level maturity
GOV11 controls
Governance & Accountability
Ownership, policy, and risk-management discipline for every agent in production.
SPC9 controls
Agent Specification & Pre-Deployment Assurance
Behavior, capabilities, and constraints validated before deployment and on material change.
IAM8 controls
Identity, Access & Authorization
Scoped identity, least-privilege credentials, and clean attribution for every agent action.
INP10 controls
Input & Prompt Security
Defense against direct and indirect prompt injection, including through memory and retrieval.
ACT9 controls
Action & Tool Use Controls
Tool allowlists, blast-radius limits, and pre-execution review for irreversible actions.
DAT13 controls
Data Protection & Privacy
Classification, isolation, and lifecycle of data across prompts, memory, and retrieval.
OUT14 controls
Output Integrity & Supply Chain
Groundedness, safety, fairness, and provenance of outputs — and trust in upstream providers.
MON11 controls
Continuous Monitoring & Human Oversight
Per-step logging, drift detection, and a qualified human review queue with documented SLAs.
MAS9 controls
Multi-Agent Systems
Cross-agent identity, authorization, blast radius, and propagation of suspend across the chain.
GOVGovernance & Accountability11 controlsOwnership, policy, and risk-management discipline for every agent in production.Read domain
SPCAgent Specification & Pre-Deployment Assurance9 controlsBehavior, capabilities, and constraints validated before deployment and on material change.Read domain
IAMIdentity, Access & Authorization8 controlsScoped identity, least-privilege credentials, and clean attribution for every agent action.Read domain
INPInput & Prompt Security10 controlsDefense against direct and indirect prompt injection, including through memory and retrieval.Read domain
ACTAction & Tool Use Controls9 controlsTool allowlists, blast-radius limits, and pre-execution review for irreversible actions.Read domain
DATData Protection & Privacy13 controlsClassification, isolation, and lifecycle of data across prompts, memory, and retrieval.Read domain
OUTOutput Integrity & Supply Chain14 controlsGroundedness, safety, fairness, and provenance of outputs — and trust in upstream providers.Read domain
MONContinuous Monitoring & Human Oversight11 controlsPer-step logging, drift detection, and a qualified human review queue with documented SLAs.Read domain
MASMulti-Agent Systems9 controlsCross-agent identity, authorization, blast radius, and propagation of suspend across the chain.Read domain
§ IV · PracticeFolio IV · of VI
Five engagements that take you from un-assessed to certified.
Readiness Review
A structured pre-assessment against the nine domains, returning a written readiness opinion and the work required to meet the Standard.
Assessment
The formal evaluation of an AI agent against HI-AAF, conducted by Human Intelligence assessors and concluding in a published Letter of Assessment.
Maintenance
Continuous review of the agent's behavior in production, with quarterly findings and a documented record of corrective action.
Certification
Written assessment that an AI agent meets the Standard, reviewed annually and issued by Human Intelligence.
§ V · OperateFolio V · of VI
Compliance is not a one-time act.
Beneath every certification under HI-AAF sits a human review layer — a trained, accountable group of reviewers whose work is to keep the Standard a living thing rather than a one-time stamp. They watch what the agent does after the assessors leave.
Reviewers receive escalations from certified agents, judge them against the controls written into the Standard, and return findings that flow back into the agent's operating record. Where behavior drifts, they intervene. Where the Standard itself proves thin, they say so.
This is the discipline that distinguishes assurance from inspection: people working steadily, in the open. It is what we mean when we call our own organization Human Intelligence.
§ VI · EngageFolio VI · of VI
To request an assessment, or to read the draft Standard.
- Offices
- Seattle, United States
Singapore - Correspondence
- hello@humanintel.net
- Press & standards
- By written request only.
Notice
HI-AAF v1.2 is an independent framework published by Human Intelligence. It is not affiliated with NIST, ISO, AICPA, or any government or accreditation body. The framework is offered openly for review during the current draft cycle.
End of prospectus. — Human Intelligence, MMXXVI.
Imprint of Human Intelligence
Independent Framework Publisher
MMXXVI · Seattle · Singapore