Procurement utility

Map AI vendors to the controls production buyers need answered.

Convert vendor claims, product notes, integrations, and data flows into PSF-aligned procurement questions. Useful before approval, pilot, renewal, or client recommendation.

Vendor control mapper

Turn vendor notes into a PSF procurement map.

This is an evidence-request generator, not an approval. Use it before procurement or a client engagement to identify the questions a vendor must answer.

Generated control map

Example Agent Platform

33%

D1 Input boundary

Gap

Scope, allowed sources, abuse controls, and prompt injection boundaries.

  • How are allowed inputs, sources, and operating scope enforced?
  • What prompt-injection and untrusted-content controls are documented?

D2 Output validation

Gap

Contracts, schemas, refusals, confidence thresholds, and failure paths.

  • Can outputs be validated against schemas, policies, or typed contracts before action?
  • What happens when confidence is low or validation fails?

D3 Data stewardship

Gap

Classification, minimisation, retention, redaction, and vendor data access.

  • What customer data reaches prompts, logs, embeddings, support exports, and model providers?
  • What retention, deletion, redaction, and sub-processor commitments are available?

D4 Observability

Clarify

Traces, evals, incidents, drift, operational review, and production metrics.

  • Can prompts, outputs, model versions, tool calls, users, and trace IDs be exported?
  • How are incidents, drift, refusals, and unsafe actions reviewed over time?

D5 Deployment control

Gap

Versioning, release gates, canaries, rollbacks, and reproducibility.

  • Are prompt, model, tool, and policy changes versioned, tested, and reversible?
  • Can production be isolated from silent model or platform changes?

D6 Human oversight

Gap

Autonomy limits, approvals, escalations, overrides, and audit trails.

  • Which actions require human approval, and can approvals be audited?
  • How are autonomy levels, overrides, and escalations configured?

D7 Security posture

Clarify

Tool permissions, secrets, agent threat testing, and integration risk.

  • Are tool permissions, API keys, secrets, OAuth grants, and roles least-privilege by default?
  • What AI-specific threat testing has been performed?

D8 Ecosystem resilience

Clarify

Provider fallbacks, dependency inventory, portability, and degraded modes.

  • Can data, prompts, traces, workflows, and evaluation sets be exported?
  • What happens during provider outage, price change, model deprecation, or vendor exit?