Company
May 29, 2025

Augment Code is the first AI coding assistant to be ISO/IEC 42001 Certified

Augment Code is the first AI coding assistant to achieve ISO/IEC 42001 certification. This is the international standard for AI management systems, and the framework for how AI tools should handle data, manage risks, and maintain security.

Why does this matter? Because every time you want to adopt an AI tool, someone asks about governance. Security wants to know about data handling. Compliance wants documentation. Procurement wants standards.

What This Changes

Security reviews go faster. ISO/IEC 42001 covers AI-specific areas that regular security audits can miss—how we handle training data, monitor model behavior, and manage algorithmic decisions. Your InfoSec team gets audited documentation instead of vague promises.

Procurement has what they need. Instead of custom questionnaires and months of back-and-forth, you can point to an international standard. We already went through the audit process.

Your code stays protected. The certification requires specific controls around data processing and storage. Not just for your source code in Augment, but for how the downstream and hidden AI ecosystem handles your data.

Enterprise ready means your AI Committee will love you. We built this for teams that need to ship code while dealing with compliance requirements, security policies, and vendor approval processes.

Our Security Foundation

ISO/IEC 42001 builds on our comprehensive security certifications and controls:

SOC 2 Type II - We were the first dev tool to achieve this standard, covering security, availability, and confidentiality controls.

Multi-tenant isolation for Enterprise customers - Namespace sharding, Service tokens, and Proof-of-Possession Authorization ensure your code stays completely separate from other users.

Customer Managed Keys (CMK) - Enterprise customers control their own encryption keys. If you revoke access, we can't read your data. Full stop.

No training on your code - We never train models on proprietary code in all paid tiers and paid tier trails periods. (We never have, we never will). Your IP stays yours.

What We Actually Did

The ISO/IEC 42001 certification process audited our entire AI pipeline—from model training to code suggestions. Our auditors at CoalFire verified our risk management processes, data governance controls, and monitoring systems.

Ready to try Augment Code? Sign up for a free 14-day trial or talk to our team about how this fits into your existing development workflow.

Jon McLachlan

Jon McLachlan is the Head of Security of Augment and host of The Security Podcast of Silicon Valley. A seasoned entrepreneur and security leader, Jon and his team at YSecurity.io built the Security Programs at Augment to help enterprise engineering teams adopt AI without sacrificing trust, compliance, or speed. He’s led security programs across startups (Robinhood, Modular, Symphony Communications) and enterprises (Apple, Pure Storage, Cisco), focusing on reducing friction between innovation and risk. At Augment, he navigates the frontiering intersection of AI and Security to meet the highest standards, including being the first AI coding assistant to earn ISO/IEC 42001 certification.

Keep reading with us.
Scott Dietzen
September 5, 2024
Augment Code achieves SOC2 Type II
Barry (Xuanyi) Dong
November 26, 2024
Reinforcement Learning from Developer Behaviors: A breakthrough in code generation quality
Chris Kelly
February 14, 2025
Augment <3 Vim