AI vendor questionnaire claims: what evidence should buyers ask for?

Last reviewed June 2, 2026

AI vendor questionnaire answers often turn broad claims into short yes/no responses. This guide helps procurement, security, and due-diligence reviewers convert AI security questionnaire, DDQ, RFI/RFP, and AI-CAIQ answers into evidence requests before relying on the answer.

Fastest path: copy one exact vendor sentence that matches this pattern, then open the checker. Add the public URL only if you want readable page context recorded alongside the wording. The result is an evidence-burden note you can reuse in vendor follow-up or internal review, not a verdict. Not sure what a result looks like? See a sample receipt.

What to verify before you rely on the claim

  • The exact questionnaire, DDQ, RFI/RFP, security review, or AI-CAIQ answer text with date and owner.
  • Attachments matched to the answer: DPA, subprocessor list, SOC 2 scope, model card, benchmark report, data-flow map, incident process, or audit log sample.
  • Scope boundaries for product, plan, endpoint, region, connected app, model provider, customer configuration, and excluded workflow.

Sources behind AI vendor questionnaire and DDQ claims

  1. · Released October 16, 2025; accessed June 2, 2026

    Official CSA source for AI-specific self-assessment questions, justification questions, and evidence for AI controls.

  2. · Released July 9, 2025; updated October 30, 2025; accessed June 2, 2026

    Official CSA source for AICM controls, AI-CAIQ mapping, model-provider and orchestrated-service-provider roles, and evidence documentation rules.

  3. · Released January 27, 2026; accessed June 2, 2026

    Official CSA source for CAIQ as a cloud-provider security control transparency questionnaire.

  4. · Accessed June 2, 2026

    Professional guidance source for AI procurement questions about training data, live data, audit trails, oversight, performance updates, and model documentation.

  5. OpenAI business data page OpenAI company-page
    · Accessed June 2, 2026

    Public company source for no-training-by-default, ownership, confidentiality, retention controls, service-provider, and regional-processing wording used as questionnaire answer examples.

Documented AI vendor questionnaire and DDQ claims examples

"We don't train our models on your organization's data by default"

Compliance / Safety
Source and date
OpenAI business data page · Accessed June 2, 2026
Evidence signal
A yes/no no-training answer can hide product, endpoint, opt-in, fine-tuning, feedback, and connected-app exceptions.
Evidence gap
A buyer needs covered products, plan scope, input/output coverage, opt-in settings, fine-tuning terms, feedback handling, and DPA language for the deployment.
Buyer question
For a questionnaire answer that says no customer-data training, which products, endpoints, opt-ins, feedback channels, and fine-tuning workflows are included or excluded?

"Your organization's data always remains confidential, secure, and entirely owned by you"

Compliance / Safety
Source and date
OpenAI business data page · Accessed June 2, 2026
Evidence signal
Broad ownership and security answer without a data-category, service-provider, retention, support-access, or contract-scope boundary.
Evidence gap
A buyer needs data categories, access roles, subprocessors, support review, retention controls, deletion process, and contract terms tied to the product surface.
Buyer question
For a questionnaire answer about ownership and confidentiality, which prompts, files, outputs, logs, connector data, and support cases are covered?

"automatically makes any website fully ADA and WCAG 2.1 compliant"

Compliance / Safety
Source and date
FTC v. accessiBe Inc. · March 2024
Evidence signal
A compliance yes answer can imply complete standard coverage when the AI only supports selected remediation steps.
Evidence gap
A buyer needs standard version, audit scope, issue categories automated, manual remediation boundary, retest cadence, and who reviews the final site.
Buyer question
If the vendor answers yes to an accessibility or compliance questionnaire item, which standard version and product configuration does the evidence cover?

"state-of-the-art (SOTA) across key coding benchmarks"

Accuracy / Performance
Source and date
OpenAI introducing GPT-5 for developers · August 7, 2025
Evidence signal
Benchmark answer used as procurement proof without the run setup, comparison set, omitted tasks, or production-transfer boundary.
Evidence gap
A buyer needs benchmark version, model version, prompt/scaffold, tool access, comparison set, evaluation date, and whether the live product uses the same configuration.
Buyer question
If a questionnaire answer cites benchmark performance, what run setup and production configuration make that score relevant to our workflow?

Steps for checking AI vendor questionnaire and DDQ claims

  1. 1. Copy the exact questionnaire answer Question text, answer text, source document, and date

    What exact DDQ, security questionnaire, RFI/RFP, or AI-CAIQ answer will the buyer rely on, and who owns that answer inside the vendor team?

  2. 2. Separate policy answers from product evidence Policy document versus product-specific artifact

    Is the answer backed by a policy, a trust-center statement, or evidence for the exact product, plan, endpoint, region, and configuration the buyer will use?

  3. 3. Ask which yes/no answers need attachments Audit report, DPA, subprocessor list, benchmark report, data-flow map, or incident runbook

    Which answers require an attachment before the buyer can treat the claim as supported rather than aspirational?

  4. 4. Map AI-specific questions to claim type Training data, retention, model provider, benchmark, human review, action boundary, or incident response

    Which part of the answer creates the highest evidence burden: no training, zero retention, model routing, benchmark score, fully automated action, or compliance scope?

  5. 5. Record the scope limit beside the answer Product, plan, region, endpoint, feature, customer responsibility, and excluded workflow

    What scope limit should travel with this questionnaire answer when it is copied into a security review or buying memo?

  6. 6. Route unresolved answers into the checker Exact public claim or questionnaire response

    Which answer should be pasted into the checker to generate an evidence-burden note and buyer questions for follow-up?

Evidence map for AI vendor questionnaire and DDQ claims

Claim pattern Evidence needed Buyer question
AI vendor questionnaire says yes to no training on customer data Product/plan scope, API and app coverage, opt-in settings, feedback use, fine-tuning terms, DPA language, and subprocessor access. Which data is excluded from shared model training, and what settings or product surfaces change that answer?
AI vendor security questionnaire says data is not stored or zero retention applies Eligible endpoints, retention window, logs, metadata, abuse-monitoring exceptions, audit records, support cases, and configuration evidence. Which request bodies, response bodies, logs, metadata, and support records remain after the stated retention period?
AI-CAIQ, CAIQ, DDQ, or RFI/RFP answer cites controls without attachments Control ID or question ID, evidence attachment, owner, last review date, product scope, and justification for exceptions. What artifact proves this answer for the AI feature, and when was that artifact last reviewed?
Vendor says SOC 2, ISO, HIPAA, GDPR, or AI Act scope covers the AI feature System description, report period, feature boundary, model-provider path, customer configuration, DPA/BAA terms, and exceptions. Does the audit or contract scope name the AI feature and data path we would use, or only the vendor's broader platform?
Vendor answers that the AI agent can act autonomously Allowed actions, approval gates, role permissions, transaction limits, rollback path, audit logs, and human handoff criteria. Which actions can change records, send messages, sign off requests, or affect customers without human review?
Vendor cites benchmark, accuracy, or model-performance numbers in the questionnaire Benchmark version, dataset split, model version, prompt/scaffold, tools, omitted tasks, variance, and buyer-workflow fit. What benchmark setup produced the number, and does the deployed product use the same setup?

Evidence buyers need for AI vendor questionnaire and DDQ claims

  • The exact questionnaire, DDQ, RFI/RFP, security review, or AI-CAIQ answer text with date and owner.
  • Attachments matched to the answer: DPA, subprocessor list, SOC 2 scope, model card, benchmark report, data-flow map, incident process, or audit log sample.
  • Scope boundaries for product, plan, endpoint, region, connected app, model provider, customer configuration, and excluded workflow.
  • A separation between policy-level answers and evidence for the AI feature the buyer will actually deploy.
  • A record of unresolved answers that should become follow-up buyer questions before contract reliance.

Buyer questions for AI vendor questionnaire and DDQ claims

  • Which AI questionnaire answers are policy statements, and which are backed by product-specific evidence?
  • For no-training, zero-retention, and regional-processing answers, which products, endpoints, logs, metadata, and subprocessors are in scope?
  • For SOC 2, ISO, HIPAA, GDPR, or AI Act answers, does the report or contract name the AI feature and model-provider path?
  • For AI agent answers, what actions require human sign-off, rollback, audit logs, or customer notice?
  • For benchmark or accuracy answers, what run setup and production configuration support the number?
  • Which yes/no answers should not be accepted without an attachment, date, owner, and scope note?

Safer wording for AI vendor questionnaire and DDQ claims

  • This questionnaire answer applies to [product/plan/endpoint] and is supported by [artifact] reviewed on [date].
  • No customer-data training applies by default for named products; opt-in, fine-tuning, feedback, connected apps, and subprocessors follow separate terms.
  • Zero retention applies to eligible request and response bodies; logs, metadata, support, moderation, and audit records are documented separately.
  • The AI feature is within the audit or contract scope only where the system description, data path, and customer configuration are named.

AI vendor questionnaire and DDQ claims questions

What should an AI vendor questionnaire include?
It should include the exact AI feature, data categories, training-use boundary, retention terms, subprocessor and model-provider path, security controls, human review points, benchmark evidence, incident process, scope limits, and evidence attachments for each yes/no answer.
How is an AI vendor questionnaire different from due diligence?
A questionnaire is one document or answer set. Due diligence compares claims across product pages, sales decks, demos, contracts, trust-center documents, and security reviews before a buying decision. A questionnaire answer can feed due diligence, but it does not approve or rank a vendor.
Can AI-CAIQ answer a vendor security review by itself?
No. AI-CAIQ can structure AI-specific control questions, but buyers still need evidence attachments, product scope, data-flow details, exception notes, and a match to the feature and configuration they will use.
What questions should I ask an AI vendor before signing a contract?
Before signing, get specific answers to: Which AI model or models does this product use, and which version is currently deployed? What data does the model see—prompts, files, outputs, user metadata, support cases? Is training on customer data off by default, and what plan, setting, or feature changes that? Which certifications or audits cover the AI feature specifically, not just the broader platform? Which steps require human review and which run without it? When the AI produces a wrong output, who is responsible and how is it corrected? These questions apply whether the vendor sends a formal questionnaire or only a product page and sales demo.
How do I know if an AI vendor's security questionnaire answer is specific enough to rely on?
An answer is specific enough when it names the exact product, plan, or endpoint it covers; references a supporting attachment (audit report, DPA, subprocessor list, or data-flow map); includes a review date or report period; and states any configuration the buyer must set for the answer to apply. A policy-level statement—'we take data security seriously' or 'we comply with industry standards'—covers no particular product, feature, or deployment context and is not a sufficient answer on its own.
What is an AI DDQ and what should it cover?
A DDQ (due diligence questionnaire) in AI procurement is a structured set of questions sent to a vendor before signing, to evaluate AI-specific risks. An AI-specific DDQ should go beyond general IT security to include: training-data use and opt-out options; model provider identity and routing; benchmark evidence and whether it applies to buyer workflows; human-review and handoff points; compliance scope (SOC 2, HIPAA, GDPR, EU AI Act) named for the AI feature specifically; incident response for AI-specific failures; and data-retention and deletion terms by endpoint and data category. The CSA AI-CAIQ is a public questionnaire template that covers many of these areas.
How do I apply consistent evaluation questions to multiple AI vendors?
Send the same questions to each vendor—particularly around training-data use, retention scope, model provider, compliance coverage, human-review boundary, and benchmark method—and record the answer, supporting attachment, and scope note for each. The goal is not to rank vendors, but to compare evidence quality: whether each vendor names a specific product and date, or responds only with policy language. An answer that names a product, cites an attachment, and states a scope limit can be verified; an answer that does not cannot.
What should I do if an AI vendor will not answer specific questionnaire questions?
Note the declined questions and ask which product or contractual boundary prevents the vendor from answering. Common legitimate reasons include trade secrets around model architecture, pending audits, or NDA-protected configuration details—each of which should come with an alternative evidence path such as a summary report, third-party attestation, or contractual commitment. If a vendor declines questions about training-data use, retention scope, or compliance coverage with no alternative, document that the evidence burden for those claims remains unmet. That gap should appear in any internal procurement memo or recommendation.