July 7, 2026 · 9 min read
How to answer the AI-CAIQ: a vendor's field guide
In October 2025 the Cloud Security Alliance published the AI-CAIQ, and in June 2026 it shipped version 1.1. If you sell AI features to enterprises, this document is about to shape your sales cycle: procurement teams are adopting it as the template for the AI section of their vendor security reviews. This guide covers what it asks, how it differs from the CAIQ you may have already answered, and how to get through it without your deal spending two months in review.
What is the AI-CAIQ?
The AI-CAIQ is a 320-question self-assessment from the Cloud Security Alliance, mapped to its AI Controls Matrix. It covers governance, security, privacy, and operational resilience for AI systems, and it anchors the first two levels of CSA's STAR for AI program. Buyers use it to evaluate vendors whose products contain models or agents.
The context matters: Gartner expects AI governance spending to reach $492 million in 2026 and regulation to extend to 75% of the world's economies by 2030. Enterprise buyers are not asking these questions out of curiosity. Their own regulators and customers ask them the same things.
How is it different from the CAIQ you already answered?
The original CAIQ asks about your cloud: encryption, access control, incident response. The AI-CAIQ asks about your models and agents: where the weights live, who owns the fine-tuning data, what your agents can touch, how their actions are logged, and whether those logs can be altered. Your SOC 2 and your old CAIQ answers cover almost none of it, which is exactly why buyers bolted this section on.
How should a vendor answer it?
Answer from your stack, not from a template. Every claim should trace to something real: a named redaction mechanism, an actual log retention number, a specific human-approval gate. Reviewers read dozens of these packs and they have learned to spot generated prose that describes controls nobody built. A caught overstatement costs you more weeks than an honest gap.
Three rules carry most of the weight:
- Consistency beats polish. Answer question 7.32 and question 7.51 from the same facts. Contradictions between sections are the fastest way to trigger a follow-up call.
- Gaps get roadmaps, not fiction."We do not have tamper-evident logging today. It ships in Q3 with X" passes review. Discovering the same fact after you claimed otherwise kills the deal.
- Keep one inventory as the source of truth. The model and agent inventory is the first artifact reviewers request. Every other answer should agree with it.
What evidence do buyers actually accept?
Policy documents answer what should happen. The strongest packs also show what does happen: logs of agent actions, redaction counts, blocked egress events, with integrity the buyer can verify rather than trust. Runtime evidence is the difference between "we have a logging policy" and "here is a tamper-evident record of every consequential action, check the chain yourself." The first is table stakes. The second ends the conversation.
The market signal here is loud: Drata acquired SafeBase, the leading trust-center platform, in a deal media reports put around $250 million, because security-review friction is now a revenue problem, not a compliance chore.
Which questions stall vendors the most?
In the reviews we see, five clusters cause most of the delay: model and agent inventory with provenance, third-party data egress controls, tamper-evidence of action logs, agent tool-scope enforcement, and AI subprocessor lists. We published the twenty questions that come up most, with the framework each maps to, as a free reference: the 20 questions the AI section will ask you, and a full guide on how to answer each of the 20.
FAQ
Do we need to answer the AI-CAIQ if we already have SOC 2?
Yes. SOC 2 covers your organization's security controls. The AI-CAIQ covers your models and agents: provenance, training-data rights, action logging, output monitoring. Buyers send it because SOC 2 does not answer those questions.
Can we answer it with ChatGPT?
Teams try, and reviewers have learned to spot generated policy prose that describes controls the vendor does not have. A caught overstatement stalls the review worse than an honest gap. Answers must trace to your actual stack.
How long does the AI section stall a deal?
Founders report six to eight weeks of back-and-forth when they answer ad hoc, and some consider paying five-figure consultant fees. Vendors who arrive with a prepared pack cut that to days.
What if the honest answer to a question is 'we don't have that control'?
Say so, with a remediation line: current state, the control you are adding, and the date. Reviewers accept roadmaps. They do not accept discovering an overstatement later.
Is the AI-CAIQ mandatory?
No regulator mandates it. It is becoming the de facto template enterprise procurement teams use for the AI section of vendor reviews, the way the original CAIQ became standard for cloud vendors.
What evidence beats a policy document?
Runtime records. A policy says what should happen. A tamper-evident log of what your agents actually did, verifiable by the buyer, answers the question the reviewer is really asking.
If a review is blocking a deal right now: the AI Security Review Kit turns a 30-minute intake into the full answer pack, mapped to the AI-CAIQ, NIST AI RMF, and ISO 42001, delivered within 7 days.
Written by Dmitrii Karataev. Twenty years in infrastructure and security. Runs AI governance inside a US consumer-finance company. Sources linked inline; corrections welcome at hello@daylite.ai.