Compyl

The AI Vendor Risk Assessment Guide

July 08, 2026
Playbook · Third-Party Risk

The AI Vendor Risk Assessment Guide

By Compyl ResearchUpdated July 20265 min read

AI vendor risk assessment extends third-party risk management to cover how vendors build, train, and operate AI — including what happens to your data inside their models. With ~40% of enterprise applications embedding AI agents by the end of 2026, nearly every vendor in your register is becoming an AI vendor, usually without asking you first.

Key takeaways
  • A SOC 2 report says nothing about model training on your data or fourth-party model providers.
  • Tier vendors by how their AI touches you: decision-making, data-processing, or convenience AI.
  • Add 20 AI-specific questions across data usage, model supply chain, governance, and compliance.
  • Five contract clauses matter most — starting with a no-training clause that survives termination.

Why standard TPRM misses AI risk

Classic vendor assessment answers: can they protect our data? AI vendors raise four questions your SOC 2 review will not answer: Is your data used to train or fine-tune models — and retained in weights after termination? Which foundation models and hosting providers sit beneath the feature? Does the product include agents that act inside your environment, and under what controls? Does their AI pull you into the EU AI Act or state AI laws as the deployer?

Tier AI vendors by how their AI touches you

Tier Definition Assessment depth
Tier 1 — Decision-making AI Vendor AI makes or materially influences consequential decisions, or operates agents with write access in your systems Full AI questionnaire + evidence review + contract clauses + annual reassessment; consider requiring ISO 42001
Tier 2 — Data-processing AI Vendor AI processes your sensitive data without autonomous action Data usage, retention, and model supply chain sections + contract clauses
Tier 3 — Embedded convenience AI AI features on low-sensitivity data with human review of outputs Disclosure requirement + standard assessment with AI addendum

The 20 questions to add to your vendor questionnaire

Data usage & retention: (1) Is customer data used to train, fine-tune, or evaluate any model — with contractual and technical opt-out? (2) How long are prompts and outputs retained, and where? (3) Can customer data be deleted from all stores, including embeddings and caches? (4) Is customer data logically isolated in AI processing? (5) Do humans review customer inputs/outputs, under what controls?

Model supply chain: (6) Which foundation models and providers power each feature? (7) Where does inference run, in what jurisdictions? (8) Do your data-usage terms with model providers match what you promise us? (9) How are model changes communicated? (10) Do you maintain an AI bill of materials per feature?

Governance & security: (11) ISO/IEC 42001 certification or NIST AI RMF alignment — with evidence? (12) How do you test for prompt injection and data exfiltration via outputs? (13) What guardrails constrain agentic features? (14) Can we access logs of AI actions in our tenant? (15) Have you had an AI-related incident affecting customers?

Compliance & performance: (16) Which features could be high-risk under the EU AI Act or state laws when we deploy them? (17) What documentation supports our deployer obligations? (18) How do you measure accuracy, hallucination, and bias rates? (19) Can AI features be disabled at tenant level? (20) What indemnification covers AI outputs?

Contract clauses that matter

  • No-training clause: customer data may not train or improve models without express written consent — surviving termination.
  • Model transparency: disclosure of material model/provider changes with notice period and re-assessment rights.
  • Agent boundary clause: autonomous actions limited to agreed scope; logs available; kill-switch honored within a defined SLA.
  • Deletion completeness: deletion includes derived data — embeddings, vectors, caches.
  • Regulatory cooperation: vendor supplies documentation for your deployer duties within defined timelines.

Compyl's Vendor Risk Management ships AI-specific questionnaire templates, tiering workflows, and contract-obligation tracking, while Third Party Insights gives objective vendor risk signals in minutes. Pair this guide with the complete TPRM guide.

Frequently asked questions

What is AI vendor risk assessment?
The extension of third-party risk management to a vendor's AI practices: whether your data trains models, which fourth-party model providers are involved, how autonomous features are controlled, and what regulatory exposure their AI creates for you as deployer.
Does a SOC 2 report cover AI risk?
Only partially. SOC 2 addresses security, availability, and confidentiality — it says nothing specific about model training on your data, model supply chains, or output risks. Necessary, not sufficient.
Should we require ISO 42001 of AI vendors?
For Tier 1 vendors whose AI makes consequential decisions, requiring ISO/IEC 42001 certification or a roadmap to it is becoming a reasonable ask — the AI analogue of requiring ISO 27001.
How do we handle vendors that add AI features mid-contract?
Require disclosure before enablement, default new AI features to off, and trigger a lightweight re-assessment. Most AI risk enters the register through features switched on silently.
Who is liable when a vendor's AI gets it wrong?
Regulators generally hold the deployer — you — responsible for consequential decisions. Indemnification shifts money, not accountability.

Assess AI vendors with Compyl

Compyl unifies governance, risk, compliance and audit on one source of truth — built by CISOs, with a human approving every consequential decision.

Request a demo →

About this guide. By Compyl Research. This is general information, not legal advice — consult counsel for your specific obligations. Compyl is an AI-powered, agentic GRC platform built by CISOs.

Monitoring thousands of environments daily
By clicking “Accept”, you agree to the use of cookies on your device in accordance with our Privacy and Cookie policies