Skip to main content
GuidesBy Rutvi VaderaJuly 1, 20266 min read

Third-Party AI Risk Assessment: A Practical, Prioritized Checklist

Third-Party AI Risk Assessment: A Practical, Prioritized Checklist

A third-party AI risk assessment evaluates the AI your vendors use against your own security, privacy, and compliance requirements. The practical challenge is doing it without a large team: you cannot assess every vendor in depth, so the work has to be tiered, evidence-based, and repeatable. This checklist gives you a prioritized way to assess the vendors that matter, the questions to ask, the evidence to require, and a decision at the end.

The stakes are concrete. Third-party and supply-chain compromise is now one of the leading paths to a breach, and AI widens that path: your vendors embed foundation models and AI services you never contracted for, so your data can reach providers you never assessed. Public frameworks already treat this as first-class risk, from the NIST AI Risk Management Framework to NIST SP 800-161 on supply-chain risk. This checklist turns those principles into steps a lean team can actually run.

Step 1: Tier your vendors by AI exposure

Do not assess every vendor the same way. Sort them into three tiers and spend your effort where the risk concentrates.

  • High exposure. The vendor's AI processes sensitive or regulated data, or its output drives a consequential decision such as credit, hiring, clinical, or safety. Assess these first, in depth, and monitor continuously.
  • Moderate exposure. The vendor uses AI on lower-sensitivity data or for internal productivity. A lighter, structured review is enough.
  • Low exposure. No AI, or AI that never touches your data. Record the determination and move on.

This one step is what keeps the rest sustainable. If you map where AI sits in your supply chain first, which our fourth-party AI risk guide walks through, the tiers fall out naturally.

Step 2: The assessment checklist

For every high and moderate exposure vendor, work through six categories. Treat each as a question you need an evidenced answer to, not a box to tick.

  • Data. What data does the AI process, where does it flow, how long is it retained, and is your data used to train the vendor's or a provider's models? Get the answer in writing, and confirm training use is off by default.
  • Model and providers. Which model powers the feature, who provides it, and where does inference run? Named providers and regions are the standard; "proprietary AI" with no detail is a red flag, and this is where the fourth-party layer surfaces.
  • Governance. Does the vendor have an AI policy, a named owner for AI risk, and a documented process for assessing its own AI providers? Governance maturity at the vendor is your cheapest risk reduction.
  • Security. How are the AI and its data secured, what access controls apply, and how would the vendor detect and notify you of an AI-related incident? Look for prompt-injection and model-abuse handling, not just a generic SOC 2 report.
  • Compliance. Can the vendor support your obligations, including EU AI Act deployer duties where you have EU exposure, sector rules such as HIPAA, and an emerging standard like ISO/IEC 42001? Ask what they can evidence today versus what is still on a roadmap.
  • Continuity. What happens to your data and workflow if the vendor swaps the underlying model, changes pricing, or retires the feature? Require notice terms for material model changes.

Want this checklist run for you, tiered against your actual vendor list and tied to your framework? Z Cyber's advisory team and the Glance platform do exactly that.

Get Started

Step 3: Require evidence, not attestation

A checked box is not proof. For high-exposure vendors, ask for artifacts you can actually review: the AI policy, a current list of model providers and sub-processors, data processing terms, evidence of model testing and controls, and proof that the vendor assesses its own providers. The gap between what a vendor attests and what it can evidence is usually where the real risk lives. The strongest signal is a vendor that volunteers this without being chased.

Step 4: Decide, then monitor

Every high and moderate assessment should end in a decision, not a filed document. Use three outcomes:

  • Adopt. Evidence is sufficient and residual risk is acceptable. Record the owner and the next review date.
  • Restrict. Adopt with conditions: limit the data the AI can touch, disable training, or require added controls before go-live.
  • Replace. The vendor cannot evidence basic AI governance for its exposure level. Find an alternative, or keep the AI feature turned off.

Then keep it current. The single biggest mistake in third-party AI risk is treating it as an annual event: vendor features and the models behind them change constantly, so a clean assessment in January can be wrong by March. Move high-exposure vendors to continuous or quarterly monitoring, and re-check whenever a vendor ships a major AI release. This is the same principle that should govern your internal program: continuous evidence over point-in-time snapshots.

When you are ready to formalize this, the next step before any contract is pre-signing due diligence. Our guide to AI vendor due diligence covers the questions and clauses to lock in before you sign, and Z Cyber's AI security and governance practice with the Glance platform turns the checklist into a living program rather than a spreadsheet that ages out. Teams that also run a broader framework assessment can fold AI vendor findings into it; see our guide to choosing a NIST CSF 2.0 assessment provider.

Frequently asked questions

What is a third-party AI risk assessment?

A third-party AI risk assessment evaluates the AI your vendors use against your security, privacy, and compliance requirements. It covers what data the AI processes, which model and providers sit behind it, how the vendor governs that AI, and what evidence they can produce, so you can decide whether to adopt, restrict, or replace the vendor.

How do you prioritize which vendors to assess for AI risk?

Tier vendors by AI exposure. The highest tier is vendors whose AI processes sensitive or regulated data or makes consequential decisions. Assess those first and in depth, give moderate-exposure vendors a lighter review, and document the low-exposure ones.

What evidence should you require from an AI vendor?

Ask for the vendor's AI policy, a list of model providers and sub-processors, data handling and retention terms, whether your data is used for training, evidence of model risk controls and testing, and proof that they assess their own AI providers.

How often should third-party AI risk be reassessed?

Because vendor AI features and underlying models change frequently, point-in-time reviews go stale quickly. Move high-exposure vendors to continuous or quarterly monitoring rather than an annual questionnaire, and re-check when a vendor ships a major AI release.

Frequently Asked Questions

What is a third-party AI risk assessment?

A third-party AI risk assessment evaluates the AI your vendors use against your security, privacy, and compliance requirements. It covers what data the AI processes, which model and providers sit behind it, how the vendor governs that AI, and what evidence they can produce, so you can decide whether to adopt, restrict, or replace the vendor.

How do you prioritize which vendors to assess for AI risk?

Tier vendors by AI exposure. The highest tier is vendors whose AI processes sensitive or regulated data or makes consequential decisions. Assess those first and in depth, give moderate-exposure vendors a lighter review, and document the low-exposure ones. Tiering keeps the work proportionate for a lean team.

What evidence should you require from an AI vendor?

Ask for the vendor's AI policy, a list of model providers and sub-processors, data handling and retention terms, whether your data is used for training, evidence of model risk controls and testing, and proof that they assess their own AI providers. Self-attestation is weaker than artifacts you can review.

How often should third-party AI risk be reassessed?

Because vendor AI features and underlying models change frequently, point-in-time reviews go stale quickly. Move high-exposure vendors to continuous or quarterly monitoring rather than an annual questionnaire, and re-check when a vendor ships a major AI release.

Subscribe for Updates

Get cybersecurity insights delivered to your inbox.