Guozhen AI: Global AI field notes and model intelligence

AI procurement

AI vendor security questionnaire: what to ask before buying AI tools

A practical AI vendor security questionnaire for enterprise procurement: data use, retention, training, SOC 2, ISO, residency, access control, RAG permissions, evals, red teaming, and incident response.

Updated 2026-06-11 | 10 min read | Beginner to intermediate

Best for

  • Security teams reviewing AI SaaS and AI API vendors
  • Procurement teams buying ChatGPT, Claude, RAG, agent, voice, or coding tools
  • Startups preparing answers for enterprise security questionnaires
  • Product leaders approving AI tools that connect to internal data

Not for

  • Replacing a formal vendor risk management process
  • Assuming a trust center badge answers every AI-specific risk
  • Buying tools that connect to private data without permission and retention review

Comparison

Choose by workflow, not brand

Option: Standard SaaS questionnaire

  • Best for: Baseline security, identity, encryption, vulnerability management, and SOC 2 review
  • Strengths: Covers familiar enterprise security controls.
  • Tradeoffs: Often misses model training, prompt logs, embeddings, tool actions, and AI-specific failures.
  • Use when: The vendor is a normal SaaS tool with limited AI data access.

Option: AI-specific questionnaire

  • Best for: AI vendors handling prompts, files, internal knowledge, connectors, agents, or customer-facing output
  • Strengths: Targets data use, retention, model behavior, evals, red teaming, and output risk.
  • Tradeoffs: Requires cross-functional input from security, privacy, legal, engineering, and business owners.
  • Use when: The vendor processes sensitive prompts, files, or AI-generated decisions.

Option: High-risk vendor assessment

  • Best for: Vendors touching regulated data, employment, health, finance, critical workflows, or external side effects
  • Strengths: Adds legal review, human oversight, audit evidence, incident playbooks, and deeper testing.
  • Tradeoffs: Slower procurement and more evidence required from the vendor.
  • Use when: The AI could affect rights, money, safety, privacy, or regulated decisions.

Ask the AI data questions first

The most important vendor questions are about data flow: what goes in, what comes out, what is stored, who can see it, what trains models, and how deletion works.

  • Is customer content used to train or improve models by default?
  • How long are prompts, outputs, files, embeddings, logs, and metadata retained?
  • Can the customer configure region, retention, deletion, and support access?

Review connectors and permissions

AI vendors increasingly connect to Slack, Drive, GitHub, CRM, email, databases, and ticketing systems. Permission inheritance and connector auditability can matter more than the model itself.

  • Does retrieval respect source-system permissions at query time?
  • Can admins see which connectors, tools, and agents are enabled?
  • Can tool actions be scoped, approved, logged, and revoked?

Ask for evaluation and incident evidence

A mature AI vendor should explain how it evaluates model behavior, red-teams risky workflows, handles safety issues, communicates incidents, and gives customers release-change visibility.

  • Ask how prompts, model upgrades, and retrieval changes are tested.
  • Ask whether customers receive incident notifications for AI-specific failures.
  • Ask what logs are available for audits, investigations, and support.

Decision Rules

A practical checklist

01. Use a standard SaaS questionnaire for baseline controls, then add AI-specific questions.

02. Require deeper review when the vendor connects to internal knowledge or external tools.

03. Ask for evidence, not only policy statements.

04. Reject or sandbox vendors that cannot answer training, retention, deletion, and permission questions.

FAQ

Common questions

What should an AI vendor security questionnaire include?

Include baseline SaaS controls plus AI-specific questions about prompt data, outputs, files, embeddings, training use, retention, residency, connectors, model evals, red teaming, and incident response.

Is SOC 2 enough for an AI vendor?

SOC 2 is valuable evidence, but AI procurement also needs model, data, retention, permission, and evaluation questions that may not be obvious in a generic SaaS review.

Who should review AI vendors?

Security, privacy, legal, engineering, procurement, and the business owner should all participate when the AI touches sensitive data, internal systems, or customer-facing decisions.

Build your own evaluation note

The strongest decision is always local to your workflow. Save the vendor links, define a representative task, record the exact prompt or command, and compare the final evidence instead of the marketing claim.