The largest source of shadow AI: SaaS tools that already exist in the company turning on new AI features overnight.
Required additions to the standard vendor-onboarding process:
- AI governance questionnaire appended to every vendor security review. Standard fields:
  - Does the product use AI / LLMs / ML? Which models? Hosted where?
  - What customer data does the AI touch?
  - Is customer data used for model training? Opt-out path?
  - Change-notification policy when models or AI behavior is updated?
  - Audit trail provided to the customer for AI-driven actions?
  - Human-in-the-loop controls exposed to the customer?
- Contractual notification when vendors materially update AI models or AI behavior. "Material" defined explicitly.
- Risk classification applied to vendor AI features using §10's framework. "Summarize this email" inside Outlook is Low. "Auto-respond to customer tickets" inside Zendesk is High.
- Annual recertification of vendor AI in production. Quarterly catalog refresh.
The "auto-update problem": a vendor toggles a new AI feature on Tuesday; by Friday, customer PII flows into a model whose terms Legal has never reviewed. The procurement gate, the quarterly catalog refresh and the contractual notification clause together prevent it.