Fourth-Party AI Risk: The Vendor AI You Never Assessed

Fourth-party AI risk is the exposure that comes from the AI your vendors embed without telling you. Your vendor's product runs on a foundation model from a provider you never contracted with, processing your data through a chain you never assessed. It is the part of third-party risk that standard vendor reviews miss entirely, and it is growing fast as suppliers add AI features into tools you already use.
Third-party compromise is now one of the leading paths to a breach, and AI extends the chain another link: your vendor's AI may depend on a model provider, a fourth party, that you never evaluated. This post explains what that risk is, why your current process misses it, and how to get ahead of it.
The chain has more links than you think
Most security teams think in terms of first and third parties: you, and the vendors you sign contracts with. AI quietly adds two more layers.
| Party | Who it is | AI example |
|---|---|---|
| First party | Your own organization | An internal assistant your team built |
| Third party | A vendor you contract with | A SaaS tool that added an AI feature |
| Fourth party | Your vendor's AI provider | The foundation model behind that feature |
| Nth party | Their providers, and so on | Inference infrastructure and data services |
When your vendor's AI feature processes your customer data, it may pass that data to a model provider under terms you never reviewed, trained on data you never approved, with retention and governance you never saw. That is the fourth party, and for most organizations it is a blind spot.
Why your questionnaires miss it
The standard vendor review is a point-in-time questionnaire. It captures what the vendor chooses to self-report on the day they fill it in. Two things break that model for AI. First, vendors rarely keep their sub-processor and model-provider lists current, so the fourth parties are often simply not listed. Second, AI features arrive through product updates, and the underlying model can be swapped without notice, so even an accurate questionnaire goes stale the moment the vendor ships a release. You cannot manage a moving target with a snapshot.
Not sure what AI your vendors are running on, or where your data goes once it leaves your walls? Z Cyber maps the AI in your supply chain and builds the governance to manage it.
How to find the AI in your supply chain
You cannot govern what you have not mapped. The work is less about a longer questionnaire and more about a living picture of where AI touches your data.
Map which vendors use AI and what it touches. Start with the vendors that handle sensitive data and ask a direct question: does your product use AI, and on what. This sorts your vendor list into AI-exposed and not, which is the foundation for everything else. Our third-party AI risk assessment checklist walks through how to tier them.
Push for fourth-party transparency. For AI-exposed vendors, ask who provides the model, where inference happens, what data is retained, and whether your data is used for training. If the vendor cannot answer, that is itself a finding.
Require evidence of the vendor's own AI governance. A vendor that governs its own AI well is a smaller fourth-party risk. Ask for their AI policy, their model risk controls, and how they assess their own providers.
Monitor continuously. Because the model and the features change, the map has to be maintained, not filed. This is the same shift the rest of the market is making, away from point-in-time snapshots toward continuous control monitoring.
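The four steps above, turned into a minimal "living map" check as an added example (not Z Cyber's or Glance's code): each vendor record is tiered, missing fourth-party answers and missing governance evidence become findings, and a model-provider change or an overdue review since the last snapshot is flagged. The field names, the 90-day cadence and the vendor records are constructed assumptions for illustration.

```python
from datetime import date, timedelta

REVIEW_CADENCE_DAYS = 90  # assumed cadence; set it from your own risk tolerance
FOURTH_PARTY_FIELDS = ("model_provider", "inference_location", "retains_data", "used_for_training")

# Constructed sample: model provider recorded at the previous review (the snapshot).
PREVIOUS_PROVIDER = {"TicketFlow": "ProviderA", "DocSummarizer": "ProviderB"}

# Constructed sample: what each vendor reports today. None means "could not answer".
VENDORS = [
    {"name": "TicketFlow", "sensitive_data": True, "uses_ai": True,
     "model_provider": "ProviderC", "inference_location": "vendor cloud",
     "retains_data": False, "used_for_training": False,
     "governance_evidence": True, "last_reviewed": date(2025, 1, 10)},
    {"name": "DocSummarizer", "sensitive_data": True, "uses_ai": True,
     "model_provider": None, "inference_location": None,
     "retains_data": None, "used_for_training": None,
     "governance_evidence": False, "last_reviewed": date(2025, 5, 1)},
    {"name": "Payroll", "sensitive_data": True, "uses_ai": False,
     "governance_evidence": True, "last_reviewed": date(2025, 5, 1)},
]

def tier(vendor):
    """Step 1: sort the vendor list into AI-exposed and not."""
    if not vendor["uses_ai"]:
        return "no-ai"
    return "ai-sensitive" if vendor["sensitive_data"] else "ai-other"

def findings(vendor, previous_provider, today):
    """Steps 2-4: fourth-party transparency, governance evidence, drift and cadence."""
    out = []
    if tier(vendor) == "no-ai":
        return out
    missing = [f for f in FOURTH_PARTY_FIELDS if vendor.get(f) is None]
    if missing:  # the vendor cannot answer: that is itself a finding
        out.append("fourth party undisclosed: " + ", ".join(missing))
    if not vendor["governance_evidence"]:
        out.append("no evidence of vendor AI governance")
    before, now = previous_provider.get(vendor["name"]), vendor.get("model_provider")
    if now is not None and before is not None and now != before:
        out.append(f"model provider changed: {before} -> {now}")
    if today - vendor["last_reviewed"] > timedelta(days=REVIEW_CADENCE_DAYS):
        out.append("review overdue")
    return out

def report(vendors=VENDORS, previous=PREVIOUS_PROVIDER, today=date(2025, 6, 1)):
    """Map each vendor name to its current findings; an empty list means no gap found."""
    return {v["name"]: findings(v, previous, today) for v in vendors}
```

Run `report()` on each refresh of the vendor answers rather than once a year; the diff against the previous snapshot is what makes the map live.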
Governing it, not just listing it
Mapping is the start. Governance is tagging each AI-exposed relationship to your framework, assigning an owner, setting a risk tolerance, and re-checking on a cadence. For organizations with EU exposure, this is not optional: the EU AI Act assigns obligations to AI deployers, which reaches into how you use a vendor's AI and the model behind it. The practical model is the same one we apply to third-party model governance: bring the AI in your supply chain into the same risk register and review rhythm as the rest of your program, rather than treating it as a separate, occasional exercise.
Z Cyber's AI security and governance practice maps the AI across your supply chain, including the fourth-party layer, and our platform, Glance, keeps that map live so a model change at a vendor does not become a silent gap in your program. The goal is simple: no AI touching your data that you cannot name, govern, and evidence.
Frequently asked questions
What is fourth-party AI risk?
Fourth-party AI risk is the exposure created when one of your vendors embeds AI from a provider you never contracted with or assessed. A foundation-model provider, an AI feature, or an inference service sitting inside your vendor's product can process your data and create risk you cannot see through a standard third-party review.
Why do vendor questionnaires miss fourth-party AI?
Questionnaires capture what a vendor self-reports at a point in time, and vendors rarely keep their sub-processor and model-provider lists current. AI features are added through updates, and the underlying model can change without notice, so a static questionnaire cannot reliably surface the fourth parties inside a vendor's product.
How do you assess the AI inside your supply chain?
Start by mapping which vendors use AI and what that AI touches, then push for transparency on the model providers and data flows behind it, require evidence of the vendor's own AI governance, and monitor continuously rather than once a year.
Does the EU AI Act apply to fourth-party AI?
The EU AI Act assigns obligations to AI deployers, which can include how you use a vendor's AI and, by extension, the model behind it. For organizations with EU exposure, vendor due diligence now has an AI-governance dimension that reaches into the fourth-party layer.

