The AI Vendor Risk Assessment Guide
AI vendor risk assessment extends third-party risk management to cover how vendors build, train, and operate AI — including what happens to your data inside their models. With ~40% of enterprise applications embedding AI agents by the end of 2026, nearly every vendor in your register is becoming an AI vendor, usually without asking you first.
- A SOC 2 report says nothing about model training on your data or fourth-party model providers.
- Tier vendors by how their AI touches you: decision-making, data-processing, or convenience AI.
- Add 20 AI-specific questions across data usage, model supply chain, governance, and compliance.
- Five contract clauses matter most — starting with a no-training clause that survives termination.
Why standard TPRM misses AI risk
Classic vendor assessment answers: can they protect our data? AI vendors raise four questions your SOC 2 review will not answer: Is your data used to train or fine-tune models — and retained in weights after termination? Which foundation models and hosting providers sit beneath the feature? Does the product include agents that act inside your environment, and under what controls? Does their AI pull you into the EU AI Act or state AI laws as the deployer?
Tier AI vendors by how their AI touches you
| Tier | Definition | Assessment depth |
|---|---|---|
| Tier 1 — Decision-making AI | Vendor AI makes or materially influences consequential decisions, or operates agents with write access in your systems | Full AI questionnaire + evidence review + contract clauses + annual reassessment; consider requiring ISO 42001 |
| Tier 2 — Data-processing AI | Vendor AI processes your sensitive data without autonomous action | Data usage, retention, and model supply chain sections + contract clauses |
| Tier 3 — Embedded convenience AI | AI features on low-sensitivity data with human review of outputs | Disclosure requirement + standard assessment with AI addendum |
The 20 questions to add to your vendor questionnaire
Data usage & retention: (1) Is customer data used to train, fine-tune, or evaluate any model — with contractual and technical opt-out? (2) How long are prompts and outputs retained, and where? (3) Can customer data be deleted from all stores, including embeddings and caches? (4) Is customer data logically isolated in AI processing? (5) Do humans review customer inputs/outputs, under what controls?
Model supply chain: (6) Which foundation models and providers power each feature? (7) Where does inference run, in what jurisdictions? (8) Do your data-usage terms with model providers match what you promise us? (9) How are model changes communicated? (10) Do you maintain an AI bill of materials per feature?
Governance & security: (11) ISO/IEC 42001 certification or NIST AI RMF alignment — with evidence? (12) How do you test for prompt injection and data exfiltration via outputs? (13) What guardrails constrain agentic features? (14) Can we access logs of AI actions in our tenant? (15) Have you had an AI-related incident affecting customers?
Compliance & performance: (16) Which features could be high-risk under the EU AI Act or state laws when we deploy them? (17) What documentation supports our deployer obligations? (18) How do you measure accuracy, hallucination, and bias rates? (19) Can AI features be disabled at tenant level? (20) What indemnification covers AI outputs?
Contract clauses that matter
- No-training clause: customer data may not train or improve models without express written consent — surviving termination.
- Model transparency: disclosure of material model/provider changes with notice period and re-assessment rights.
- Agent boundary clause: autonomous actions limited to agreed scope; logs available; kill-switch honored within a defined SLA.
- Deletion completeness: deletion includes derived data — embeddings, vectors, caches.
- Regulatory cooperation: vendor supplies documentation for your deployer duties within defined timelines.
Compyl's Vendor Risk Management ships AI-specific questionnaire templates, tiering workflows, and contract-obligation tracking, while Third Party Insights gives objective vendor risk signals in minutes. Pair this guide with the complete TPRM guide.
Frequently asked questions
What is AI vendor risk assessment?
Does a SOC 2 report cover AI risk?
Should we require ISO 42001 of AI vendors?
How do we handle vendors that add AI features mid-contract?
Who is liable when a vendor's AI gets it wrong?
Assess AI vendors with Compyl
Compyl unifies governance, risk, compliance and audit on one source of truth — built by CISOs, with a human approving every consequential decision.
About this guide. By Compyl Research. This is general information, not legal advice — consult counsel for your specific obligations. Compyl is an AI-powered, agentic GRC platform built by CISOs.