Rune Kvist
Dec 10, 2025
Case study: How Intercom built enterprise trust for customer-facing AI agents



Intercom achieved AIUC-1 certification of their AI agent, Fin, to validate technical safeguards against data leakage, jailbreaks, and hallucinations through independent adversarial testing. The certification transformed security conversations from a procurement blocker into a competitive differentiator.
Enterprises face a trust gap that blocks AI adoption. The technology promises to transform support operations, but security and reliability concerns are holding it back, and with it millions of dollars of value.
CISOs evaluating AI-powered customer support agents need clear answers: How do we prevent hallucinations that could damage our brand? What safeguards stop data leakage in customer conversations? How do we validate protection against jailbreaks and prompt injections?
Traditional certifications don’t answer these questions. SOC 2 validates operational security but wasn't designed for AI-specific risks like hallucinations or adversarial attacks. ISO 42001 establishes AI governance frameworks but doesn't technically test whether safeguards actually work against real-world threats.
For Intercom, the answer was to build comprehensive security into Fin from day one - then validate it through ISO 42001’s management system certification and AIUC-1’s technical testing and certification.
"We're proud to be trusted by nearly 30,000 customer service leaders globally with Helpdesk - and have built Fin with AI security at the core," said Thibault Candebat, CISO at Intercom. "Certifying against AIUC-1 gives our customers confidence."
The need for independent validation became clear as Intercom moved Fin upmarket into enterprise accounts. Intercom’s customers wanted robust technical testing to build on their recent ISO 42001 certification.
“AIUC-1 was built to help enterprises answer one question: ‘can we trust this AI agent?’” said Rune Kvist, CEO at the Artificial Intelligence Underwriting Company. “Its requirements are grounded in technical testing that prevents the incidents we are seeing in production today, the latest AI research on vulnerabilities, and the concerns we heard from over 500 enterprise executives on what keeps them up at night.”
Why existing standards fall short
The concerns blocking AI adoption aren't theoretical. Air Canada faced a lawsuit after their AI agent hallucinated a refund policy. McDonald’s hiring bot leaked millions of candidates' sensitive data. Security teams demand protection against jailbreaks and prompt injection attacks that could expose confidential information or manipulate agent behavior.
"Sophisticated enterprise customers kept asking the same questions about AI-specific safety and security," said Candebat. "We'd already achieved ISO 42001 and built comprehensive safeguards into Fin - the same rigorous approach that made our Helpdesk trusted by nearly 30,000 enterprises globally. But AI is different - our customers need technical validation that goes beyond the management system."
The inflection point came when a publicly traded cybersecurity company asked whether Intercom had AIUC-1 certification during their AI agent vendor evaluation.
"That's when we knew independent, technical, AI-specific certification was becoming table stakes for enterprise adoption," said Candebat.
The trust layer for AI adoption
Intercom approached the Artificial Intelligence Underwriting Company to certify Intercom against AIUC-1 and provide independent validation of Fin.
AIUC-1 is the first comprehensive security, safety, and reliability standard for AI agents. It is developed with trusted organizations including Stanford, CSA, Orrick, and MITRE, with regular input from the AIUC-1 Consortium founded by security leaders with experience at organizations like Google, Anthropic, Microsoft, Cisco, Meta, and JPMorgan. The standard addresses the six risk categories enterprises evaluate before AI adoption: security, safety, reliability, data & privacy, accountability, and society.
AIUC-1 builds on the principles that made SOC 2 the gold standard for cybersecurity - independent third-party validation, common language between buyers and vendors, and coverage of the concerns that actually block deals.
It evolves where traditional compliance falls short by focusing on real testing in place of process theater, continuous validation over point-in-time snapshots, and actionable requirements with clear pass/fail criteria.
Intercom’s AIUC-1 audit
The AIUC-1 audit evaluated Intercom across 50+ controls spanning every dimension of enterprise risk, including:
Technical security: Protection against jailbreaks, prompt injections, and adversarial attacks designed to manipulate agent behavior or extract sensitive information - validated through actual exploitation attempts rooted in real-world AI failure incidents.
Safety and reliability: Comprehensive guardrails preventing hallucinations, harmful outputs, and out-of-scope actions, with automated conversation boundaries that maintain Fin's reliability standards even under adversarial pressure.
Data and privacy: Robust controls for customer data handling, conversation context management, and privacy preservation in retrieval-augmented generation systems - extending Intercom's proven data protection approach to AI-specific challenges.
Continuous verification: Quarterly adversarial testing across 1,000+ scenarios designed by security researchers to identify vulnerabilities before malicious actors can exploit them.
The audit stress-tested Fin and identified edge cases that Intercom was able to resolve. Overall, it confirmed what Intercom's enterprise customers had experienced: Fin's security is comprehensive and robust across the dimensions that matter for customer-facing AI.
"Intercom came into the AIUC-1 process having recently been certified against ISO 42001," said Rajiv Dattani, co-founder of AIUC. "They'd built Fin with the same enterprise-ready discipline that made their Helpdesk platform trusted by tens of thousands of companies. Our role was to validate their security - and identify opportunities to further strengthen it - through robust technical assessment. For example, we ran thousands of tests with inputs similar to the ones that caused the Air Canada lawsuit, to verify Fin’s hallucination safeguards."
What this means for enterprises evaluating AI
For CISOs and security teams evaluating customer support AI platforms, AIUC-1 certification provides independent validation that traditional certifications can't provide.
Instead of spending months building custom security questionnaires and conducting lengthy technical evaluations, procurement teams can reference an independent standard that addresses exactly what they're concerned about. For Intercom, certification transformed security conversations from procurement blockers into a competitive differentiator.
"Competitors talk about security. We're putting our product through quarterly independent testing - and we're willing to show the results," said Candebat. "That's credible third-party validation - and that's what enterprise buyers need to move from pilot to production at scale in environments where security, privacy, and reliability aren't negotiable."
As a founding technical contributor to AIUC-1, Intercom contributes expertise from their enterprise deployments to help strengthen the standard for the broader industry - raising the bar for customer-facing AI security across the ecosystem.
——
About Intercom: Intercom is the industry-leading AI customer service company behind Fin, the highest-performing AI agent for customer service. Fin delivers higher quality answers and resolves more complex queries than any other AI agent, works with any helpdesk, and outperforms every competitor. Customer service teams from nearly 30,000 global organizations use Intercom and Fin to send over 500 million messages and enable interactions with over 200 million people each month. The company was founded in 2011 and is backed by leading venture capitalists, including Bessemer Venture Partners, Kleiner Perkins and Social Capital.
About AIUC: The Artificial Intelligence Underwriting Company builds confidence infrastructure for secure AI adoption, through certification, auditing, and insurance for AI agents. Founded by experts with experience at organizations like Anthropic and developed with Orrick, Stanford, MIT, and MITRE, AIUC-1 is the first comprehensive security, safety, and reliability standard for AI agents.