The AI Questionnaire Your Vendors Aren't Ready For
Your vendor passed their SOC 2. Their questionnaire came back clean. Their incident response plan is on file.
And somewhere in their organization, an employee just pasted a client data summary into an AI assistant to draft a report faster.
That data went to a model provider. Possibly to a fine-tuning pipeline. Maybe into a retrieval system that another customer’s query could surface later. You don’t know. Your vendor probably doesn’t know either.
This is AI as fourth-party risk. And almost no vendor questionnaire touches it.
What’s Actually Happening Inside Your Vendors
AI tool adoption inside companies is fast, uneven, and often ahead of policy. Some vendors have a formal AI governance program. Most have a policy that says “approved tools only” and a list that hasn’t been updated since ChatGPT launched. A few have nothing at all and are relying on employees to use good judgment.
In practice, that means your vendor’s account manager might be using Copilot to summarize your contract. Their support team might be using an AI tool to draft responses to tickets that include your configuration details. Their developers might be using a coding assistant that’s trained on their codebase, which contains your integration specs.
Each of those is a data flow to a fourth party. The model provider, the embedding service, the vector database sitting behind the AI tool. None of them are in your vendor assessment. None of them signed your DPA. Most of them have data retention policies that are generous to themselves and opaque to everyone else.
For banks, this isn’t abstract. Customer data, account information, transaction details, anything that touches your vendor’s systems is potentially in scope.
Why Your Current Questionnaire Misses This
Standard vendor questionnaires were built to assess how a vendor handles data within their own environment. Encryption at rest and in transit. Access controls. Backup and recovery. Incident response. Those are the right questions for a 2015 threat model.
The 2025 threat model includes a vendor ecosystem where employees are using AI tools that call out to external infrastructure as a routine part of their workday. The data leaves the vendor’s environment not through a breach, but through normal use of a productivity tool.
Most questionnaires have no section for this. Some of the more recent ones include a single checkbox: “Do you use AI tools in your operations?” That’s not enough. A yes/no answer tells you nothing about what data those tools touch, where it goes, or what controls are in place.
The OCC and Federal Reserve have been flagging fourth-party risk as a supervisory priority. AI tool usage is one of the most concrete and widespread examples of how that risk materializes. If your vendor assessment doesn’t address it, you have a gap that examiners are increasingly prepared to notice.
The Questions to Add to Your Next Assessment
These aren’t hypothetical. Add them to your standard questionnaire for any vendor that handles regulated data, customer information, or systems that connect to yours.
1. Do your employees use AI tools as part of their work? If yes, provide a list of approved tools and the data categories each tool may access.
You need the list, not the policy. Approved tools vary widely in how they handle data. A tool with a zero-retention API agreement is very different from a consumer-grade product with a model-training clause in the terms of service.
2. Does your AI acceptable use policy explicitly prohibit inputting customer data, PII, or confidential information into AI tools?
Policy exists to create accountability. If the policy doesn’t specifically name the data categories that are off-limits, “we have a policy” isn’t a meaningful control.
3. What technical controls prevent employees from inputting restricted data into non-approved AI tools?
Policy without enforcement is just documentation. The controls that actually enforce it are things like DLP rules that inspect outbound content, endpoint restrictions, and browser extensions or proxy rules that block non-approved AI sites. Ask what’s actually in place, not just what’s written down.
4. For approved AI tools, what are the data retention terms? Does the provider use customer data for model training?
This is where most vendors will have to go look something up, which is telling in itself. The answer should come from the actual terms of service or a data processing addendum with the AI tool provider, not from a general impression of how the tool works.
5. Do you have a process for assessing AI tools before approving them for use with customer data?
Mature vendors have a review process. They evaluate the tool’s data handling, retention policies, subprocessors, and security posture before approving it. Ask what that process looks like. If there isn’t one, the approved tools list was probably assembled informally.
6. Have you experienced any incidents involving unauthorized data exposure through an AI tool? If yes, describe the incident and remediation.
Most vendors haven’t had a formal incident. But many have had near-misses: an employee who used a personal AI account, a tool that turned out to have broader data retention than expected, a prompt that included more context than it should have. Asking the question signals that you expect them to be tracking this.
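Questions 1 and 3 together describe a concrete control: an approved-tools register that states which data categories each tool may receive, enforced by something in the data path rather than by policy alone. The following is an added illustration of that enforcement point, written for this page and not code from the original post or from any vendor; the hostnames, the per-tool category sets and the detection patterns are constructed placeholders, and a production DLP engine would use far broader detectors than these few regexes.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed approved-tools register (hypothetical hostnames). Each entry is the
# set of data categories the tool is contractually cleared to receive, e.g. because a
# zero-retention API agreement or a DPA with the AI provider is on file.
APPROVED_TOOLS = {
    "ai.approved-vendor.example": {"public", "internal"},
    "assistant.enterprise.example": {"public", "internal", "confidential"},
}

# Illustrative detectors for restricted data categories. These are deliberately
# simple patterns for the example; real DLP tooling uses richer classifiers.
DETECTORS = {
    "pii": [
        re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),          # US SSN format
        re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),     # e-mail address
    ],
    "customer_data": [
        re.compile(r"\b(?:account|acct)\s*(?:number|no\.?|#)\s*:?\s*\d{6,}\b", re.I),
        re.compile(r"\b(?:\d[ -]?){13,19}\b"),          # card/account-number-like digit run
    ],
    "confidential": [
        re.compile(r"\b(?:confidential|internal use only|do not distribute)\b", re.I),
    ],
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    categories: set = field(default_factory=set)


def classify(text: str) -> set:
    """Return the set of restricted data categories detected in the outbound text."""
    found = set()
    for category, patterns in DETECTORS.items():
        if any(p.search(text) for p in patterns):
            found.add(category)
    return found


def evaluate(url: str, prompt_text: str) -> Decision:
    """Decide whether prompt_text may be sent to the AI tool at url.

    Two checks, in order: the destination must be on the approved-tools register,
    and every restricted category found in the text must be one that tool is
    cleared for. Anything else is blocked with a reason suitable for an audit log.
    """
    host = urlparse(url).hostname or ""
    categories = classify(prompt_text)
    if host not in APPROVED_TOOLS:
        return Decision(False, f"{host} is not an approved AI tool", categories)
    permitted = APPROVED_TOOLS[host]
    disallowed = {c for c in categories if c not in permitted}
    if disallowed:
        return Decision(False, f"{host} is not approved for {sorted(disallowed)}", categories)
    return Decision(True, "allowed", categories)


if __name__ == "__main__":
    # Constructed sample requests an enforcement point might see.
    samples = [
        ("https://ai.approved-vendor.example/v1/chat", "Summarize our Q3 roadmap for the team."),
        ("https://chat.consumer-ai.example/", "Draft a reply to this support ticket."),
        ("https://assistant.enterprise.example/api",
         "Client John Doe, SSN 123-45-6789, account number: 12345678"),
        ("https://assistant.enterprise.example/api", "CONFIDENTIAL: merger timeline summary"),
        ("https://ai.approved-vendor.example/v1/chat", "Internal use only: contract summary"),
    ]
    for url, text in samples:
        d = evaluate(url, text)
        print(f"{'ALLOW' if d.allowed else 'BLOCK':5} {url} -> {d.reason}")
```

The two-step shape matters for the questionnaire: the register answers question 1 (which tools, and which data categories each may touch), and the gate answers question 3 (what stops restricted data reaching a tool that is not cleared for it). Note that the last sample is blocked even though the destination is an approved tool, because that tool's agreement only covers public and internal data; that is the distinction the text draws between a zero-retention API and a product with broader terms.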
What Good Looks Like
A vendor with a mature AI governance posture can answer all of these questions specifically and in writing. They have an approved tool list with documented data handling requirements for each tool. They have a pre-approval process. They have technical controls that back up their policy. They have a DPA or zero-retention agreement with every AI provider their employees use for work that touches customer data.
That’s not a high bar. It’s basic governance applied to a relatively new category of tool. But right now, most vendors aren’t there yet. Many are still figuring out what they’re even using.
The vendors who can answer these questions are doing the work. The ones who can’t are operating with a blind spot, and your data is inside it.
A Note on Your Own House
Before you send this questionnaire to your vendors, run the same questions internally.
Which AI tools are your employees using? What data are those tools touching? Do you have a policy, and does it have teeth? Have you reviewed the data handling terms for every approved tool?
Fourth-party risk runs in both directions. Your vendors have the same right to ask you these questions. And if you’re assessed by a regulator, the answers had better be consistent.
This is the second post in a series on fourth-party risk. The first covers OAuth token chains and how they create downstream access you don’t know about. Read it here.
If you want help updating your vendor assessment program to address AI risk, or need a third party to run these questions on your behalf, reach out to Vaughn Cyber Group.