Third-Party AI Risk
Overview
Most enterprises consume AI through third-party APIs (OpenAI, Anthropic, Google) or embed open-source models. Each introduces risk that your existing vendor risk management may not cover.
Risk Categories
| Risk | Description | Impact |
|---|---|---|
| Data exposure | Your data sent to third-party for processing | Privacy violation, IP leakage |
| Vendor lock-in | Deep integration with one provider's API | Business continuity risk |
| Model changes | Provider updates model, behavior changes | Application breakage, safety regression |
| Availability | Provider outage takes down your AI features | Service disruption |
| Compliance gap | Provider's data handling doesn't meet your requirements | Regulatory violation |
| Supply chain | Provider's model is compromised or poisoned | Inherited compromise |