AI Vendor Risk Index
Open-source, evidence-based risk scores for 56 AI vendors across Security, Compliance, Transparency, Privacy, and Supply Chain. A free alternative to enterprise GRC platforms, purpose-built for AI.
Risk Dimensions
Each vendor is scored 0-100 across five weighted dimensions, producing an overall letter grade from A+ to F.
Security (25%)
SOC 2, ISO 27001, bug bounty programs, incident response capabilities, and penetration testing practices.
Compliance (20%)
GDPR, HIPAA, FedRAMP, EU AI Act readiness, and regulatory certifications across global frameworks.
Transparency (20%)
Model cards, training data disclosure, audit access, open benchmarks, and documentation quality.
Privacy (20%)
Data handling policies, opt-out mechanisms, retention limits, and data processing agreements.
Supply Chain (15%)
Open-source component tracking, dependency transparency, SBOM availability, and upstream risk visibility.
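As an added example (not the index's own code), the following Python computes the overall score from the five published dimension weights and checks the inputs the way a reviewer of a published score would: that the weights sum to 100%, that every dimension is present and in the 0-100 range, and that no unknown dimension is slipped in. The letter-grade cut-offs are an assumption, since the page only states that grades run from A+ to F; the sample vendor scores are constructed.

```python
# Weighted dimension scoring as described on the page. The weights are the
# published ones; the grade cut-offs and the sample scores are assumptions.

# Published dimension weights (must sum to 1.0).
WEIGHTS = {
    "security": 0.25,
    "compliance": 0.20,
    "transparency": 0.20,
    "privacy": 0.20,
    "supply_chain": 0.15,
}

# Assumed letter-grade cut-offs (the page states only the A+ .. F range).
GRADE_CUTOFFS = [
    (97, "A+"), (93, "A"), (90, "A-"),
    (87, "B+"), (83, "B"), (80, "B-"),
    (77, "C+"), (73, "C"), (70, "C-"),
    (67, "D+"), (63, "D"), (60, "D-"),
    (0, "F"),
]


def validate_weights(weights):
    """Reject weight tables that are negative or do not sum to 100%."""
    if any(w < 0 for w in weights.values()):
        raise ValueError("negative weight")
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError(f"weights sum to {sum(weights.values()):.3f}, not 1.0")
    return True


def overall_score(scores, weights=WEIGHTS):
    """Weighted 0-100 overall score; every weighted dimension must be scored."""
    validate_weights(weights)
    missing = set(weights) - set(scores)
    if missing:
        raise ValueError(f"missing dimension(s): {sorted(missing)}")
    unknown = set(scores) - set(weights)
    if unknown:
        raise ValueError(f"unknown dimension(s): {sorted(unknown)}")
    for dim, value in scores.items():
        if not 0 <= value <= 100:
            raise ValueError(f"{dim} score {value} outside 0-100")
    return round(sum(scores[dim] * w for dim, w in weights.items()), 1)


def letter_grade(score):
    """Map a 0-100 overall score to a letter grade using the assumed cut-offs."""
    for cutoff, grade in GRADE_CUTOFFS:
        if score >= cutoff:
            return grade
    return "F"


def grade_vendor(scores, weights=WEIGHTS):
    """Return (overall score, letter grade) for one vendor's dimension scores."""
    total = overall_score(scores, weights)
    return total, letter_grade(total)


# Constructed sample: a vendor strong on security, weak on supply chain.
SAMPLE_VENDOR = {
    "security": 90,
    "compliance": 80,
    "transparency": 70,
    "privacy": 85,
    "supply_chain": 60,
}

if __name__ == "__main__":
    print(grade_vendor(SAMPLE_VENDOR))
```

The validation matters more than the arithmetic: a dimension silently dropped from the input, or a weight table that no longer sums to 100%, changes every vendor's overall score without any single number looking wrong, which is exactly the kind of defect a weekly automated refresh can introduce.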
Coverage
Who Uses This
CISOs and Security Teams
Vendor due diligence and third-party risk assessments for AI-specific threat surfaces.
Compliance Officers
GDPR, HIPAA, and FedRAMP readiness checks mapped to AI vendor capabilities.
Procurement Teams
Side-by-side vendor comparison during RFP evaluation with standardized risk metrics.
Investors and Analysts
Screening AI companies for governance posture, regulatory readiness, and operational risk.
Data Tiers
Community tier provides free access to overall scores for all 56 vendors and full dimension breakdowns for 13 vendors. Professional and Enterprise tiers unlock confidence scores, historical data, regulatory readiness indices, and bulk export capabilities.
Methodology
Risk scores are calculated from public evidence including certifications, published policies, audit reports, regulatory filings, and vendor documentation. Each dimension uses weighted scoring with confidence levels tied to evidence quality. Scores refresh weekly via automated pipelines with manual verification for significant changes.