Tumeryk becomes official RiskRubric v2 scoring provider, helping enterprises quantify AI trustworthiness across models, agents and MCP servers
Tumeryk, the standard in AI governance, security, and trust evaluation, today announced a strategic collaboration with Cloud Security Alliance (CSA), joining the organization’s newly launched RiskRubric ecosystem as an official AI risk assessment and scoring provider. As part of the collaboration, Tumeryk CEO Rohit Valia co-authored the RiskRubric v2 Concept Paper and collaborated on the framework’s updated scoring methodology. It also announced the beta of its AI Trust Score™ for RiskRubric v2, available at https://studio.tmryk.com
The announcement marks a significant milestone in the evolution of enterprise AI governance as organizations seek objective, evidence-based methods for evaluating the security, reliability, safety, privacy, and trustworthiness of increasingly autonomous AI agents and MCP servers.
Also Read: CIO Influence Interview with Hugo Dozois-Caouette, CTO and Co-founder at MaintainX
“AI governance cannot rely on subjective checklists or static policies,” said Rohit Valia, Founder and CEO at Tumeryk. “Organizations need measurable, repeatable, and auditable ways to assess AI risk. Through our collaboration with CSA and our contribution to RiskRubric v2, we’re helping establish a common language for AI trust while giving enterprises the tools to operationalize it.”
Advancing the Industry Standard for AI Risk Assessment
Cloud Security Alliance’s RiskRubric framework was introduced to provide organizations with a structured, evidence-based method for assessing AI technologies. RiskRubric v2 expands that vision significantly, moving beyond standalone AI models to evaluate modern AI ecosystems that include AI agents, Model Context Protocol (MCP) servers, and autonomous systems.
Tumeryk played a key role in developing the RiskRubric v2 scoring model and the underlying concept framework, helping shape how AI systems are evaluated across six foundational trust pillars:
- Security
- Privacy
- Reliability
- Safety
- Transparency
- Excessive Agency
The updated framework reflects the rapidly evolving AI threat landscape and introduces a new focus on autonomous behavior, agentic systems, and governance requirements emerging from regulations such as the EU AI Act, NIST AI Risk Management Framework, ISO 42001, and other global standards.
Official Scanner for RiskRubric v2 Assessments
As part of the partnership, Tumeryk’s AI Trust Score Scanner has been integrated into the RiskRubric ecosystem as an official assessment and scoring platform.
The scanner uses automated evidence-based testing to evaluate AI models, agents, and AI services across a dozen risk dimensions, including prompt injection, jailbreak resistance, privacy leakage, bias, hallucinations, transparency, reliability, and agentic boundary violations.
Assessment results are translated into a quantitative AI Trust Score and detailed pillar-level ratings, providing organizations with a repeatable method for benchmarking and monitoring AI systems over time.
“Risk assessment is strongest when it incorporates multiple independent perspectives,” said Daniele Catteddu, Chief Technology Officer at the Cloud Security Alliance. “The addition of Tumeryk to the RiskRubric scanner ecosystem expands the industry’s ability to generate transparent, evidence-based assessments that organizations can trust.”
Alongside the partnership, Tumeryk is launching the beta of its AI Trust Score Assessment Service for RiskRubric, enabling enterprises, AI developers, technology vendors, and regulators to generate CSA RiskRubric-aligned evaluations of their AI systems.
The service provides:
- Comprehensive RiskRubric v2 assessments
- AI Trust Scores and benchmark reports
- Workforce AI security
- Agentic AI governance
- Audit-ready documentation for regulatory and compliance requirements
Organizations can use the service to evaluate foundation models, AI copilots, autonomous agents, and enterprise AI applications before deployment and throughout their operational lifecycle.
As AI systems become more autonomous and deeply integrated into critical business processes, organizations face increasing pressure to understand and manage AI risk.
Through its partnership with CSA, contributions to RiskRubric v2, and launch of the AI Trust Score Assessment Service, Tumeryk is helping establish the infrastructure needed for transparent, measurable, and trustworthy AI governance.
The RiskRubric v2 platform and scanner ecosystem are scheduled to launch later this year.
Catch more CIO Insights: What Does “Job-Ready” Really Mean in IT and Cybersecurity?
[To share your insights with us, please write to psen@itechseries.com ]
