Vendor Risk Assessment Portal: Streamline Third-Party AI Risk Management to Build Trust and Decrease Risk

In this blog post, we will explore the benefits and drawbacks of utilizing third-party AI/ML solutions and APIs, the importance of Third-Party AI Risk Management, and how the Credo AI Responsible AI Governance Platform can help you evaluate and mitigate the potential risks associated with AI vendors.

March 16, 2023
Susannah Shattuck
Catharina Doria

In today's competitive business landscape, the adoption of Artificial Intelligence (AI) has become a critical component of an organization's strategy, providing an unparalleled unique selling proposition and a significant competitive edge for businesses. Whereas many companies are actively trying to adopt AI across their business, others have already established comprehensive systems to leverage its benefits.

Yet, in pursuit of the most cutting-edge AI/ML technology available, companies often find themselves relying on AI offerings from third-party vendors, suppliers, and cloud service providers.

Think of Generative AI or the new era of “General Purpose AI” APIs.

Given their complexity and wide range of potential applications, it would be highly unlikely, if not impossible, for organizations to develop such systems in-house without the necessary expertise and time. Instead, they often depend on APIs created by other companies, including OpenAI, Stability AI, and other prominent AI organizations worldwide.

It is true that relying on third-party technology can offer several advantages.

For instance, it provides access to the latest and most advanced solutions available in the market without requiring organizations to invest in their own R&D; it reduces time and costs by leveraging the expertise of vendors who have already invested in developing and testing the technology; and it improves flexibility and scalability, allowing organizations to adapt easily to changing business needs and growth requirements without significant infrastructure or resource investments.

Nevertheless, relying on third-party vendors can also introduce complications that organizations should be aware of, such as: 

  • Lack of transparency into proprietary IP: Third-party vendors often keep the inner workings of their technology as proprietary IP, making it difficult for organizations to assess the risk of these systems.
  • Introduction of unacceptable levels of brand risk: The use of third-party technologies introduces potential security and compliance risks that could negatively impact organizations.
  • Vendor and procurement workflows insufficiently account for AI-specific risks: While traditional vendor and procurement risk management workflows are established for certain risks, such as cybersecurity and data privacy, they often overlook AI-specific risks. This lack of support can leave organizations vulnerable to compliance issues and other risks related to third-party AI solutions.

Despite the growing reliance on AI and third-party vendors, organizations had limited visibility into the risks posed by the AI systems they purchase from vendors — until today. 

Enter Credo AI.

We have heard from our Global 2000 customers about their concerns regarding the potential risks associated with third-party vendor tools using AI. They have emphasized the critical need to ensure that the AI systems they acquire do not introduce unnecessary levels of business risk, and how they lack the necessary tools to evaluate these AI-specific risks.

Recognizing this need, we have adapted our core Responsible AI Governance Platform to enable customers to evaluate the risks of AI systems they have not built themselves. 

As a result, organizations around the world now have an efficient way to incorporate AI risk and compliance assessment into their procurement processes and help ensure that the AI systems they procure meet their business, regulatory, and values-driven requirements.

The New Step of Procurement Risk with our Credo AI Vendor Portal

Credo AI's Vendor Portal streamlines the process of collecting AI risk-specific evidence from vendors, making it easy for customers to ensure that vendor solutions meet their specific governance requirements. Here's how it works:

  1. Track vendor solutions in a centralized registry: Customers can register their third-party AI systems in Credo AI's platform just like they do for their own internally built AI systems. All use cases are consolidated in a comprehensive organizational use case registry.
  2. Define vendor requirements: Customers can apply Credo AI Policy Packs to those vendor solutions, setting specific requirements. For example, a customer can evaluate an HR tool for compliance with New York City Local Law 144 (LL-144) by registering the tool in Credo AI's platform and applying our corresponding policy pack for LL-144. To see an example of this policy pack, refer to this page, and to request a demo, refer to this page.
  3. Request evidence from vendors: Vendors receive an email with a link and login to the vendor portal, where they are responsible for proving that their system meets the policy pack requirements.
  4. Generate risk and compliance reports and dashboards: The evidence provided by the vendor is captured in Credo AI's platform and can be used by the customer to generate reports, dashboards, and other artifacts based on that evidence.

Credo AI's Vendor Portal simplifies the procurement process by providing a standardized way for customers to collect and evaluate AI risk-specific evidence from vendors.

Case Study: Walking the Talk with 3rd Party AI Risk Assessment

  1. Legal Risk & Regulatory Compliance in the HR Space: Credo AI assisted a Global 2000 company in evaluating their HR vendor for compliance risk with New York City Local Law No. 144, which will be enforced from April 15, 2023. The review revealed potential compliance issues with the vendor, which are now being addressed before the deadline. To read our complete Case Study, refer to this page.
  2. Building Trust with Customers: Credo AI is supporting a Fortune 500 company to evaluate potential risks associated with facial recognition vendors for a co-development project, with a focus on identifying harmful biases and potential performance risks.
  3. ChatGPT: A government contractor is using Credo AI to evaluate the risks of a third-party chatbot built on top of OpenAI APIs and to decide whether this chatbot meets the organization's internal AI ethics principles and requirements.

Yes, Vendor AI Risk Management is now a reality, and you can start your journey today with Credo AI. Reach out to us at to request a demo!


At Credo AI, we understand the importance of addressing Third-Party AI Risk Management to ensure our clients can leverage the power of AI without compromising their values or introducing unnecessary risks. That's why we've developed a Vendor Portal that provides a standardized way for customers to evaluate the risks of third-party AI systems. By streamlining the process of collecting AI risk-specific evidence from vendors, our portal enables organizations to make informed decisions and select solutions that meet their specific requirements. By partnering with Credo AI, organizations can build trust with their customers and stakeholders while unlocking the full potential of AI systems.

DISCLAIMER. The information we provide here is for informational purposes only and is not intended in any way to represent legal advice or a legal opinion that you can rely on. It is your sole responsibility to consult an attorney to resolve any legal issues related to this information.