Skip to content
Robossist
All posts

The AI Vendor DDQ: 3 Questions Your SaaS Security Form Misses

May 29, 20264 min readDhruv Jain

I pulled up an AI vendor assessment last month. Forty-seven questions. Encryption standards, penetration test dates, SOC 2 scope, data center locations.

Not a single question about what the vendor does with your prompt data after it processes it.

The form you're using was built for a different era

Traditional SaaS security questionnaires treat your data like a static file sitting in a database. You check encryption, access controls, and backup schedules. That covers roughly 80% of the risk surface for a conventional cloud application.

AI vendors are different. They don't just store your data. They consume it. Your prompts, uploaded files, and generated outputs can be absorbed into the model's training pipeline, passed to sub-processors you've never heard of, or cached in inference layers that live outside your contractual scope.

A SOC 2 report tells you the vendor's infrastructure is secure. It tells you nothing about what happens to your client data inside the model.

When MAS issued its Consultation Paper on AI Risk Management Guidelines (13 November 2025), it introduced four pillars: governance, risk assessment, lifecycle controls, and capabilities. Lifecycle controls specifically cover data handling, model training rights, and third-party sub-processor chains. Your standard DDQ doesn't touch any of these.

What HKMA and MAS actually expect

HKMA's GenAI Customer-Facing Circular (19 August 2024, Ref B1/15C, B9/67C) requires customer opt-out or human escalation for any customer-facing GenAI workflow. If your vendor powers a customer-facing tool, your DDQ must confirm this control exists.

The PCPD AI Model Personal Data Protection Framework (11 June 2024) maps four areas: governance, risk assessment, system management, and stakeholder communication. Your vendor assessment needs to verify the vendor's compliance with each area, not just their data storage policy.

CBUAE's Guidance Note on Consumer Protection and Responsible Adoption of AI/ML (11 February 2026) mandates a documented governance framework and an AI inventory with metadata. If your vendor is in that inventory, the DDQ is the evidence artifact.

The 3 questions your current form misses

  1. Does the vendor use your prompt data to train or fine-tune any model, including models for other customers?

    Most firms ask about data retention. Almost none ask about data absorption. OpenAI's enterprise API has a no-training policy, but their consumer products don't. Anthropic's terms vary by tier. If your staff are on the wrong tier, your client data is training material.

    Good answer: "We contractually commit that no customer data, including prompts, uploads, and outputs, enters any training pipeline. Our enterprise agreement includes audit rights to verify this."

  2. How does the vendor notify you before deprecating a model or rolling out a major update?

    Your compliance controls were tested against GPT-4o. The vendor quietly rolls out a new version with different behavior. Your risk assessment is now stale. You need a contractual obligation for at least 30 days' notice before model changes, with time to re-test against your internal benchmarks.

    Good answer: "We provide 30-day advance notice of any model deprecation and 14-day notice of significant architecture changes. Customers can pin to a specific model version."

  3. Can your administrators export prompt and response logs in a structured format for internal audit?

    When a regulator asks what your staff pasted into the AI tool last quarter, you need to produce a log. Most AI vendors don't offer structured log exports. If you can't pull that data, you can't prove compliance during an examination.

    Good answer: "Full prompt and response logs are exportable via API in JSON format, with timestamps, user IDs, and session context. Retention period is configurable up to 24 months."

What to do with this

Pull your current vendor assessment. Search for these three questions. If they're missing, add them as a dedicated AI addendum. Don't replace your existing security form. Layer the AI-specific controls on top.

The regulators aren't asking yet. But Arthur Yuen said it at the ALB keynote on 19 March 2026: HKMA is moving from principles to practice expectations during examinations. It's better to have the answers ready before they ask.

Resources

  • HKMA GenAI Customer-Facing Circular, 19 August 2024 (Ref B1/15C, B9/67C)

  • MAS Consultation Paper on AI Risk Management Guidelines, 13 November 2025

  • PCPD AI Model Personal Data Protection Framework, 11 June 2024

  • CBUAE Guidance Note on AI/ML, 11 February 2026

When you look at your current vendor assessment, which of these three gaps hits closest to home?

Private AI review

Book the private AI review.

Bring one live workflow. Leave with a governed next step leadership can review.

Full Cal.com scheduler

Select a time without leaving this page.

The calendar has its own section, full width, with timezone controls visible and a direct Cal.com fallback.
Open Cal.com
Loading the full scheduler.
Cal.com handles timezone selection and confirmation.Open direct booking page