Zendesk sets a new baseline for AI transparency: First to achieve CSA STAR AI Levels 1 & 2 certification

Across key markets worldwide, customers and regulators—especially in highly regulated industries and global enterprises—demand detailed, verifiable evidence of AI risk management: control mappings, audit trails, and independent assessments.

At the same time, as AI becomes a foundational part of cloud platforms, new industry standards like NIST AI RMF, ISO 42001, and the EU AI Act now require more than just written policies; they require proof that AI systems are governed and secured in practice.

The way we approach AI security standards at Zendesk is rooted in technical transparency and external accountability. This is why we invested early in certifications that provide independent assurance of our validated AI controls and secure AI practices.

We are proud to announce that we have secured both Level 1 and Level 2 STAR AI certifications from the Cloud Security Alliance (CSA) ahead of everyone else in our industry. This lets Zendesk set a precedent for responsible, validated AI in customer experience solutions. Making our security controls and processes available for third-party control isn’t just about meeting today’s requirements – it’s about providing standardized, technical evidence customers can trust, and supporting a higher bar for transparency and operational rigor in the sectors we serve.

Understanding the CSA STAR AI Level 1, Level 2 certification and AI-CAIQ

CSA is widely recognized as the global authority on cloud and AI security standards. CSA STAR AI Level 1 certification is anchored in the AI Consensus Assessments Initiative Questionnaire (AI-CAIQ) framework and involves a rigorous technical self-assessment, that requires companies to publicly disclose detailed practices for AI governance, model risk management, bias mitigation, privacy, explainability, and regulatory alignment.

CSA STAR AI Level 2 goes beyond self-assessment by requiring a comprehensive, independent third-party audit of an organization’s AI security, governance, and risk management controls. For Zendesk customers and partners, this external validation provides clear, objective assurance that our approach to AI security isn’t just transparent – it’s been tested and confirmed by trusted industry evaluators. As the first company globally to reach this milestone, Zendesk makes it easier for organizations to evaluate, trust, and confidently deploy AI-powered CX solutions at scale, knowing our controls meet recognized, rigorous standards.

Why the STAR1 and STAR2 should certifications matter to our customers

The CSA’s standardized approach cuts through the tangle of custom questionnaires and bespoke risk reviews that often hold up procurement and vendor assessments. Now, customers can see Zendesk’s entire set of controls and risk mitigations in clear, standard language via the public CSA STAR Registry. This isn’t just simpler – it’s more robust. Customers can easily benchmark, compare, and validate how Zendesk handles their data and AI models.

Our commitment to ongoing security leadership

Security and transparent AI governance require ongoing dedication—not a one-time effort. At Zendesk, our commitment to responsible AI at scale drives us to maintain operational transparency and deliver trusted AI-powered CX solutions that adapt and lead as the landscape evolves.