AI Vendor Fundamentals: A CTO's Perspective

Designed For:

Buyers or users of an AI vendor that intend to input sensitive data into the vendor's API or web interface.

Purpose:

This screen is from the perspective of a CTO or product/engineering leader who is concerned with how vendors handle inputs and outputs of AI models, fine-tuned models, and usage rights to other sensitive data.

The target use cases are:

1. A SaaS or B2B application that regularly answers to their customers' CISOs regarding data protection. Specifically if the application lists an AI vendor as a subprocessor of its customers' data.

2. A team leader or department head who is concerned with how an AI service such as a chatbot or a copilot will handle sensitive inputs. This includes things like trade secrets, intellectual property, or sensitive customer data that might be included as input to an AI model in the course of using the service for internal efficiency, productivity, research, etc.

Limitations, Assumptions, Details:

This screen is not an exhaustive review of the contract from the perspective of a procurement team or in-house counsel. Common legal terms and deal terms that would be of interest for a standard SaaS deal are not all covered here. If this screen is run on a contract that is unrelated to AI services, answers will not be particularly useful and the contract may very well be fair regardless of how many standards pass or fail.

This screen has been tested against a random sample of AI vendor contracts. The overall accuracy across that sample set was 99% across all questions and standards.

Tips

Ensure that you've uploaded the correct contract. AI service providers often have separate contracts for business/enterprise terms, for API usage, and for free users. Cloud providers that provide AI services often have service specific terms that augment their standard customer agreement.