Tumeryk has partnered with the Cloud Security Alliance to become an official AI risk assessment and scoring provider in the RiskRubric ecosystem. The collaboration also includes Tumeryk's role in drafting the latest version of the framework.
Tumeryk said Chief Executive Officer Rohit Valia co-authored the RiskRubric v2 Concept Paper and helped develop the updated scoring methodology. The company has also launched a beta version of its AI Trust Score for RiskRubric v2, designed to assess AI systems against the framework.
Framework update
The Cloud Security Alliance introduced RiskRubric as a structured method for assessing AI technologies. Version two expands its scope beyond standalone models to cover AI agents, Model Context Protocol servers, and other autonomous systems.
The revised framework evaluates systems across six trust pillars: Security, Privacy, Reliability, Safety, Transparency, and Excessive Agency. Its addition of autonomous behaviour and agentic systems reflects growing industry concern over how AI tools act when given broader operational freedom.
It also aligns with governance requirements emerging from measures and standards including the EU AI Act, the NIST AI Risk Management Framework, and ISO 42001. This places RiskRubric within a broader effort to build common methods for testing, documenting, and comparing AI risk.
Scoring role
Under the partnership, Tumeryk's AI Trust Score Scanner has been integrated into the RiskRubric ecosystem as an official assessment platform. The scanner uses automated testing to examine AI models, agents, and services across a range of risk areas.
These include prompt injection, jailbreak resistance, privacy leakage, bias, hallucinations, transparency, reliability, and agentic boundary violations. The results are translated into a numerical AI Trust Score and pillar-level ratings that organisations can use to benchmark systems and track them over time.
Tumeryk is also launching a beta assessment service tied to RiskRubric. The service is intended for enterprises, AI developers, technology vendors, and regulators seeking evaluations aligned with the framework.
According to Tumeryk, the service includes RiskRubric v2 assessments, benchmark reports, workforce AI security reviews, agentic AI governance analysis, and documentation intended to support audit and compliance work. It can be used to assess foundation models, AI copilots, autonomous agents, and enterprise AI applications before deployment and during operation.
Governance pressure
The partnership comes as companies face rising pressure to show that their AI systems are safe, reliable, and compliant with emerging rules. As AI tools move from assisting staff to carrying out tasks with greater autonomy, the question of how to measure risk has become more urgent for buyers, regulators, and technology suppliers.
Many current assessment approaches remain fragmented, relying on internal checklists or bespoke testing methods that can be hard to compare across organisations. Industry groups and vendors are therefore trying to establish more standardised scoring systems that give customers a clearer basis for procurement, governance, and monitoring.
Valia framed the issue as one of consistent measurement rather than broad principle.
"AI governance cannot rely on subjective checklists or static policies," said Rohit Valia, Founder and CEO at Tumeryk. "Organisations need measurable, repeatable, and auditable ways to assess AI risk. Through our collaboration with CSA and our contribution to RiskRubric v2, we're helping establish a common language for AI trust while giving enterprises the tools to operationalize it."
The Cloud Security Alliance said adding another scoring provider should widen the range of assessments available through the framework. The group has been working to build an ecosystem around RiskRubric rather than relying on a single testing source.
"Risk assessment is strongest when it incorporates multiple independent perspectives," said Daniele Catteddu, Chief Technology Officer at the Cloud Security Alliance. "The addition of Tumeryk to the RiskRubric scanner ecosystem expands the industry's ability to generate transparent, evidence-based assessments that organizations can trust."
The move gives Tumeryk a formal place in the growing market for AI governance tools, where vendors are trying to distinguish themselves through testing methods, audit documentation, and alignment with regulatory frameworks. For the Cloud Security Alliance, it adds another participant to its effort to make AI risk scoring a more standardised process across models, agents, and connected AI services.