Enterprise vendor risk reviews added an AI module in 2026. These are the questions AI-agent vendors report seeing, grouped the way reviewers group them, with the framework each one maps to. The industry standardized this in 2026: CSA’s AI-CAIQ now carries 320 such questions, and enterprise reviewers are adopting it as the template. Answer them before the questionnaire arrives and the review stops being the slow part of your deal.
Provide an inventory of all AI models and autonomous agents in your product, including base model, version, hosting location, and provider.
Always the first question. No inventory reads as no governance.
For each model: is it third-party hosted, self-hosted open-weight, or fine-tuned by you? Who owns the weights and the fine-tuning data?
Determines whose terms govern the customer's data.
Describe how model and prompt changes are versioned, tested, and approved before production.
Change management, restated for models.
Can our data reach a third-party or foreign-hosted model? Under what controls?
The sharpest question in the section. "We trust the API terms" fails it.
Is customer data used to train or fine-tune any model, yours or a provider's? Show the contractual commitment.
Reviewers want the zero-retention clause, not a policy statement.
How is PII detected and handled before data leaves your boundary to any model?
They expect a mechanism (redaction, blocking), not a promise.
How is one customer's data isolated from another's across agent sessions, embeddings, caches, and logs?
Multi-tenant isolation, extended to the places AI systems leak: vector stores and context windows.
Describe how agent actions are logged. Can the logs be altered after the fact, and how would we know?
Tamper-evidence is the 2026 upgrade to "do you have logs."
What tools, APIs, and data sources can your agents call? How is that list enforced at runtime rather than by convention?
Capability overprovisioning is the reviewer's favorite agent risk.
How do you defend against prompt injection causing an agent to take an unintended action or exfiltrate data?
They want layered controls, not "the model refuses."
Which agent actions are irreversible or consequential, and what extra controls gate them?
Reversibility classification. Most vendors have never written this down.
Can you reproduce, for a given past decision or action, exactly what the agent saw and did?
Replayability. This is what "audit trail" means to an examiner.
Describe human oversight for consequential agent actions. How are overrides recorded?
Human-in-the-loop with evidence, not as a diagram.
How do you detect a model or agent that degrades silently, and what is your rollback procedure?
Monitoring question in agent clothing.
What is your incident response process for an AI-specific failure: hallucinated output acted upon, data leak via prompt, agent misuse?
Your existing IR plan probably does not name these. Theirs asks for them by name.
Will you notify us when you materially change models, providers, or agent capabilities?
Turns your roadmap into their contractual right.
List all AI subprocessors, their locations, retention terms, and training-use commitments.
Your model providers are subprocessors now. Most subprocessor lists have not caught up.
What framework do you operate AI governance under (NIST AI RMF, ISO 42001), and who owns it?
A named owner scores better than a certification claim.
Which regulatory regimes reach your AI features in our deployment (EU AI Act role, state AI laws), and what is your position on each?
They are asking whether you know your own exposure.
If your AI causes us a loss, where does liability sit? Walk us through the clause.
The section's closing move. Answered by your contract, defended by your evidence.
The Review Kit turns a 30-minute intake into the full answer pack: these 20 and the full AI-CAIQ set, plus the inventory card, data-flow one-pager, DPA addendum, and evidence checklist reviewers ask for.
Get the kit, $490Compiled from vendor security reviews and public frameworks (CSA AI-CAIQ v1.1, NIST AI RMF, ISO 42001, OWASP AISVS, NIST SP 800-53). Reference only, not legal advice. daylite / review kit · hello@daylite.ai