SOC 2 AI claims: what should buyers ask?
Last reviewed June 2, 2026
SOC 2 claims on AI product pages can be useful evidence, but the wording only helps buyers if it names the report type, audit period, system scope, Trust Service Criteria, issuing CPA firm, and whether the AI feature itself is inside the report boundary. Report type matters because a Type 1 report covers control design at a single point in time, while a Type 2 report also tests operating effectiveness over a stated period, so "SOC 2" alone does not say how much was tested or for how long. This page maps common SOC 2 AI wording to the evidence buyers should request.
Evidence buyers verify
- SOC 2 report type (Type 1 or Type 2), audit period, issuing CPA firm, report date, and a bridge letter if the report period does not cover the current date. A bridge letter is a statement from the vendor's management, not from the auditor, so it extends coverage only as far as a buyer trusts that assertion.
- System description and service scope showing whether the AI product, API, model path, logs, support access, and customer data flow are covered.
- Trust Service Criteria included. Security (the common criteria) is the baseline every SOC 2 report covers; Availability, Confidentiality, Processing Integrity, and Privacy are optional additions, so a report can be genuine and still omit the criteria a buyer cares about.
Sources this guide draws from
- AICPA SOC Suite of Services (AICPA & CIMA, standard). Accessed June 1, 2026.
Official AICPA source describing SOC reports as CPA assurance reports for system-level controls and outsourcing risk assessment.
- OpenAI enterprise privacy page (OpenAI, company page). Updated January 8, 2026; accessed June 1, 2026.
Public company source for SOC 2 Type 2 compliance wording on the API platform.
- OpenAI Services Agreement security measures (OpenAI, company page). Accessed June 1, 2026.
Public company source for independent external auditor and SOC 2 Type II audit wording in security measures.
- OpenAI Help Center: What is ChatGPT Enterprise? (OpenAI, company page). Accessed June 1, 2026.
Public company source for enterprise-grade privacy and security controls wording on an AI product plan.
Public claims with documented evidence gaps
"SOC 2 Type 2 compliance" (category: Compliance / Safety)
- Source and date: OpenAI enterprise privacy page; updated January 8, 2026; accessed June 1, 2026.
- Evidence signal: SOC 2 Type 2 wording without the audit period, report scope, Trust Service Criteria, or product coverage visible in the claim.
- Evidence gap: A buyer needs the SOC 2 report or trust portal access, CPA firm, audit period, system description, criteria covered, exceptions, subservice organizations, and whether the AI product is in scope.
- Buyer question: For the SOC 2 Type 2 compliance claim, which report period, system boundary, and Trust Service Criteria cover the AI product we would use?
"SOC 2 Type II audits" (category: Compliance / Safety)
- Source and date: OpenAI Services Agreement security measures; accessed June 1, 2026.
- Evidence signal: Audit-program wording that may refer to periodic security reviews rather than the specific AI service, feature, or customer workflow.
- Evidence gap: A buyer needs summary details, audit standard, audit period, covered systems, exclusions, and whether the relevant model, API, logging, and support paths are included.
- Buyer question: For the SOC 2 audit wording, what systems and AI service components were included in the auditor's scope and which were carved out?
"enterprise-grade privacy and security controls" (category: Compliance / Safety)
- Source and date: OpenAI Help Center: What is ChatGPT Enterprise?; accessed June 1, 2026.
- Evidence signal: Security-grade wording near enterprise AI features without showing which controls are evidenced by SOC 2 versus product-specific settings.
- Evidence gap: A buyer needs which controls are audited, which are configuration settings, which are plan-specific, and which AI features remain outside the SOC 2 report.
- Buyer question: For enterprise-grade security controls, which controls are covered by SOC 2 and which depend on our workspace configuration?
Match each claim pattern to the evidence buyers need
| Claim pattern | Evidence needed | Buyer question |
|---|---|---|
| SOC 2 Type 2 compliant AI platform | SOC 2 report access, CPA firm, audit period, system description, Trust Service Criteria, exceptions, and bridge letter if period is old. | What report period and system boundary cover the AI service we would buy? |
| SOC 2 badge or trust-center logo on an AI product page | Link between the badge and report scope, product or service name in scope, criteria covered, and any excluded subservice organizations. | Does the badge cover this AI feature, API, model hosting path, and data flow, or only the vendor's general platform? |
| Enterprise-grade security backed by SOC 2 | Control list, audited versus unaudited controls, customer configuration requirements, identity controls, logging, and incident process. | Which controls are independently audited and which must we configure ourselves? |
| SOC 2 plus AI-specific privacy or model-safety wording | AI data flow, training-use boundary, model-provider path, prompt and output logging, support access, and controls not covered by SOC 2. | Which AI-specific risks are outside the SOC 2 scope and require separate evidence? |
| SOC 2 covers subprocessors or cloud providers | Carve-out or inclusive method, subservice organization list, complementary user-entity controls, and customer responsibilities. | Which subprocessors are carved out, and what controls does the customer remain responsible for? |
| AI feature is in scope of the SOC 2 report | System description, product name, AI feature boundary, model provider path, prompt and output logging, support access, criteria covered, and exceptions. | Where does the report show that this AI feature, model path, and customer data flow are inside the audited system boundary? |
Evidence to request
Beyond the report basics listed under "Evidence buyers verify" above:
- Exceptions noted by the auditor, management responses to them, the subservice organization method (carve-out or inclusive), and the complementary user-entity controls the customer is expected to operate.
- AI-specific evidence that SOC 2 does not answer: training use, prompt and output retention, model provider, model monitoring, and abuse review.
Questions to put in front of the vendor
- For this SOC 2 AI claim, can the vendor share the current SOC 2 report or trust-center access under NDA?
- What exact system and service boundary does the report cover, and is the AI feature we would buy named or clearly included?
- Which Trust Service Criteria are covered? Security is always included; are Availability, Confidentiality, Processing Integrity, or Privacy also in the report, or is it Security only?
- What exceptions, carve-outs, or complementary user-entity controls appear in the report?
- Which AI-specific data flows, model-provider paths, prompt logs, outputs, and support-access processes are outside the SOC 2 scope?
- If the report period has ended, is there a bridge letter covering the gap before the next report, and when is the next report expected? (A bridge letter is management's assertion, not auditor assurance.)
Wording boundaries to compare against
- The [service name] system is covered by a SOC 2 Type 2 report for [period], under [criteria], available under NDA.
- SOC 2 covers the platform controls listed in the report; AI-specific model behavior, training use, and output accuracy require separate review.
- Security controls include [named controls] on [plan]; customer configuration is required for [identity, logging, retention, or connector settings].
- Subservice organizations are handled using [carve-out/inclusive] method; customer responsibilities are listed in the report.
Frequently asked questions
- Does SOC 2 mean an AI feature is covered?
- Not automatically. SOC 2 evidence depends on the system boundary, report period, service description, criteria covered, exceptions, and subservice organization method. Ask whether the specific AI feature, API, model path, logs, and customer data flow are named or clearly included.
- What should buyers ask for when a vendor says SOC 2 Type 2?
- Ask for report access or trust-center access, audit period, CPA firm, system description, Trust Service Criteria, exceptions, bridge letter if the period is old, and whether the AI product you would use is inside the report scope.
- Does SOC 2 prove an AI model is reliable or compliant?
- No. SOC 2 can support questions about system controls, but it does not answer model accuracy, hallucination rate, training-data use, output quality, or your deployment obligations. Those require separate evidence from the relevant claim page.
- What if the SOC 2 report does not name the AI feature?
- Ask whether the report's system description clearly includes the AI feature, API, model-provider path, prompt and output logs, support access, and customer data flow. If those surfaces are not named or clearly included, the SOC 2 claim should be narrowed to the covered platform controls.
- Can SOC 2 support an enterprise-grade AI security claim?
- It can support part of the claim if the audited controls, report period, system boundary, and criteria match the AI product surface. Buyers still need separate evidence for AI-specific risks such as model behavior, training use, connector permissions, prompt retention, and output monitoring.