Get the answer pack, $490
Free reference · July 2026

The 20 questions the AI section will ask you.

Enterprise vendor risk reviews added an AI module in 2026. These are the questions AI-agent vendors report seeing, grouped the way reviewers group them, with the framework each one maps to. The industry standardized this in 2026: CSA’s AI-CAIQ now carries 320 such questions, and enterprise reviewers are adopting it as the template. Answer them before the questionnaire arrives and the review stops being the slow part of your deal.

Inventory and provenance

01

Provide an inventory of all AI models and autonomous agents in your product, including base model, version, hosting location, and provider.

Always the first question. No inventory reads as no governance.

NIST AI RMF: MAP
02

For each model: is it third-party hosted, self-hosted open-weight, or fine-tuned by you? Who owns the weights and the fine-tuning data?

Determines whose terms govern the customer's data.

NIST AI RMF: MAP
03

Describe how model and prompt changes are versioned, tested, and approved before production.

Change management, restated for models.

ISO 42001: 8.x

Customer data protection

04

Can our data reach a third-party or foreign-hosted model? Under what controls?

The sharpest question in the section. "We trust the API terms" fails it.

NIST AI RMF: MANAGE
05

Is customer data used to train or fine-tune any model, yours or a provider's? Show the contractual commitment.

Reviewers want the zero-retention clause, not a policy statement.

ISO 42001: A.7
06

How is PII detected and handled before data leaves your boundary to any model?

They expect a mechanism (redaction, blocking), not a promise.

NIST AI RMF: MANAGE
07

How is one customer's data isolated from another's across agent sessions, embeddings, caches, and logs?

Multi-tenant isolation, extended to the places AI systems leak: vector stores and context windows.

SOC 2 CC + AI

Agent runtime and audit

08

Describe how agent actions are logged. Can the logs be altered after the fact, and how would we know?

Tamper-evidence is the 2026 upgrade to "do you have logs."

NIST 800-53: AU-9
09

What tools, APIs, and data sources can your agents call? How is that list enforced at runtime rather than by convention?

Capability overprovisioning is the reviewer's favorite agent risk.

NIST AI RMF: MANAGE
10

How do you defend against prompt injection causing an agent to take an unintended action or exfiltrate data?

They want layered controls, not "the model refuses."

OWASP AISVS
11

Which agent actions are irreversible or consequential, and what extra controls gate them?

Reversibility classification. Most vendors have never written this down.

OWASP AISVS 9.2
12

Can you reproduce, for a given past decision or action, exactly what the agent saw and did?

Replayability. This is what "audit trail" means to an examiner.

NIST 800-53: AU-10

Oversight and incidents

13

Describe human oversight for consequential agent actions. How are overrides recorded?

Human-in-the-loop with evidence, not as a diagram.

NIST AI RMF: GOVERN
14

How do you detect a model or agent that degrades silently, and what is your rollback procedure?

Monitoring question in agent clothing.

NIST AI RMF: MEASURE
15

What is your incident response process for an AI-specific failure: hallucinated output acted upon, data leak via prompt, agent misuse?

Your existing IR plan probably does not name these. Theirs asks for them by name.

ISO 42001: A.8
16

Will you notify us when you materially change models, providers, or agent capabilities?

Turns your roadmap into their contractual right.

Contract / DPA

Third parties and accountability

17

List all AI subprocessors, their locations, retention terms, and training-use commitments.

Your model providers are subprocessors now. Most subprocessor lists have not caught up.

GDPR / DPA
18

What framework do you operate AI governance under (NIST AI RMF, ISO 42001), and who owns it?

A named owner scores better than a certification claim.

NIST AI RMF: GOVERN
19

Which regulatory regimes reach your AI features in our deployment (EU AI Act role, state AI laws), and what is your position on each?

They are asking whether you know your own exposure.

Legal / EU AI Act
20

If your AI causes us a loss, where does liability sit? Walk us through the clause.

The section's closing move. Answered by your contract, defended by your evidence.

Contract
Every answer, written for your stack.

The Review Kit turns a 30-minute intake into the full answer pack: these 20 and the full AI-CAIQ set, plus the inventory card, data-flow one-pager, DPA addendum, and evidence checklist reviewers ask for.

Get the kit, $490

Compiled from vendor security reviews and public frameworks (CSA AI-CAIQ v1.1, NIST AI RMF, ISO 42001, OWASP AISVS, NIST SP 800-53). Reference only, not legal advice. daylite / review kit · hello@daylite.ai