AI tools are making workflows faster and more productive, but there can be a trade-off for such efficiency.
Using AI tools introduces several risk areas. Before adopting a tool from an AI vendor, organizations should understand how their data (inputs and outputs) are used and protected.
While security and privacy reviews are important, it is equally important to consider the contractual provisions governing the AI vendor’s interaction with your data, and any protections in place.
Make sure to examine licensing agreements to understand:
-
The scope of the AI vendor’s access to your information
-
The vendor’s permitted uses of your information
-
The obligations, if any, the vendor owes you with respect to your information
As the founder and principal attorney at ZeroDay Law, I discuss the important hot spots in AI vendor contracts in my latest podcast episode from Decoding Cyber Law.
Here are the highlights.
Prefer to listen to the 10-minute podcast? Tune in here.
Three Types of AI Vendors: Why the Company Behind the Product Matters
Before you get into assessing an AI product's security, before you get into the AI vendor's actual contract language — bear in mind that the company behind the product (among many other factors) impacts your risk analysis of adopting that product.
I think about it in three buckets.
1. Large, Established Providers
Microsoft, Google, Anthropic and OpenAI are all examples of large, established AI providers. Part of what you're paying for here is years of investment in security and privacy. A systemic breach or mass, routine privacy failures could cause these companies measurable financial harm — not just reputational damage — so they're incentivized to keep investing in and prioritizing security and privacy, at least to a certain extent. None of them are perfect — far from it — but compared to a company that's only existed for a couple of years, they've had time to build the underpinnings. That's a reasonable starting assumption, not a guarantee. That same exposure carries into the contract: these providers have more to lose if they promise in writing to protect hundreds of millions of people's data and then fail to live up to that promise — or fail to invest in the damage control when something goes wrong.
2. Specialized AI Vendors
Specialized AI vendors are companies that provide a focused AI function, like a spreadsheet tool or a receipt-management app. These vendors may not carry the imprimatur of a multi-billion-dollar company, and it's reasonable to assume they haven't yet built the kind of time-tested, well-vetted security and privacy practices that come with years of scale. That doesn't mean the product is unsafe. It means they're still focused on raising money, proving reliability, and building out features, and security and privacy realistically can't be the top priority while they're fighting to survive and grow. Because they're still working to build their brand and drive adoption, they may take on more contractual risk than they can really back up — either promising stronger security than they can deliver, or being upfront that they offer limited protection, including refusing to indemnify you at all.
3. Custom AI Development Partners
Firms you want to build a bespoke AI tool for in-house use, you’d be looking for a custom AI development partner. This bucket is a wildcard. You'll want to know whether the development partner has a reputation for secure software development, but that's genuinely hard to assess without the right technical expertise — this is a good time to phone a friend. If the partner does have a strong reputation, that's a positive starting point, but keep in mind that AI development moves so fast that even reputable shops don't always treat security as a top priority. It also matters what the tool will actually do. Is it an internal-only document review tool? Or will it collect sensitive information from external parties, then store and analyze that information going forward? The more sensitive and critical the work you're handing to the tool, the more carefully you need to understand the secure development practices you can actually expect.
None of this means you can sort a vendor into a bucket and stop there. Company size and specialty are a starting point, not a substitute for looking at the specific product or feature you're actually adopting. Even NIST's own framework for evaluating software security is built this way — it assesses the practices behind a given piece of software, not the size or reputation of the company that built it. As you weigh a vendor's likely security and privacy posture, and decide how much weight to put on their contractual promises, keep your eye on the actual product in front of you.
You'll drive yourself crazy trying to find the "right" product with the "right" security capabilities and guarantees. That's not the goal. You may choose to accept varying levels of risk — but I can't emphasize enough the importance of at least being aware of the potential risks and benefits of an AI product, so you don't lose sight of them as your workforce adopts more and more AI tools.
AI Security and Privacy Reviews Need a Second Layer
Security and privacy reviews are one part of the evaluation process. Separately, organizations should review an AI vendor's contractual terms.
A standard AI vendor contract review should dive into the vendor’s current policies, specifically those addressing data handling and protection. For example, a vendor may claim it offers “perfect security,” but that’s not something you can take at face value because there really is no such thing as “perfect security.” Validate what the provider is claiming.
Additionally, you’ll likely need a second layer of vendor questions. This second layer is where you will determine if the vendor has actually adapted its controls to include the use of AI, not just provided a policy about it.
Who in your organization should complete this process?
Typically, these contracts and terms are reviewed by either the IT or the InfoSec department. It can sometimes be difficult to determine which department should be responsible, and sometimes, internal resources may not have sufficient expertise to properly evaluate an AI tool.
Involving legal can also help push past stated policy to see more clearly how the vendor actually addresses certain issues. One area where this can occur is with the ownership of inputs and outputs.
How do file permissions work with AI tools? Take a deeper look with our blog post, Can Your AI Tool See Too Much? File & Folder Permissions, Access and Internal Risk.
Who Owns the AI Input and Output?
There is a lot of confusion around AI terminology. When these definitions and uses are unclear, it can be difficult to understand exactly what is being stated in a vendor contract.
An easy way to understand this is to divide AI data into two clear categories:
-
Inputs are anything that a user types into an AI prompt. An input can include typed text, documents, images or anything you provide access to that will help the AI tool complete its function.
-
Outputs refer to responses, documents, created images or anything that the AI has generated in response to your input.
Look at the IP section and/or license grant of your AI vendor contract to see how these data categories are handled, bearing in mind they might be handled differently.
With these data types now clear, let’s look at them individually and review key elements for each in an AI vendor contact.
Still unsure what inputs are? Our blog post, What You Need to Know Before Uploading Internal Documents to AI Tools, explores this topic.
Reviewing Vendor Rights to AI Inputs
Organizations should carefully review license grants and use restrictions that govern vendor access to inputs, specifically what rights the vendor receives to your data once it is uploaded.
In contracts that are negotiable, use limiting contract language to restrict the AI vendor’s rights to your input. The best-case scenario would grant your AI vendor the right to use your input only as is necessary to perform its obligations under the contract (i.e., to provide the tool or services under the license agreement).
Contracts may contain clauses that permit the AI vendor to provide their third-party vendors, subcontractors or subprocesses access to your input. Ideally, the contract should limit the AI vendor’s rights to grant access to your input only as is necessary to provide the required AI functionality/tool to you under the contract.
However, these AI contract clauses often contain language stating that the AI vendor and/or its vendors or subprocessors may use your data for “marketing purposes” or to “improve their product”. While these should not be considered red flags, they should be approached cautiously. Marketing and product improvement can be extremely broad; check to see if the terms are defined any more specifically so you understand the rights you are granting. If you cannot avoid granting access beyond only as is necessary to provide the tool or perform under the contract, ensure that:
-
No rights are given to the vendor to monetize input or to allow third parties to monetize data
-
No rights are given to the vendor to grant access to or usage rights any broader than its own limited rights
-
If it is provided, personal information must first be de-identified or aggregated with other information
Outputs are generally considered new content, and their value should be protected through different, specific language. Let’s review.
Defining Intellectual Property Rights for AI Outputs
Just as organizations should understand what rights a vendor receives to their inputs, they should also understand what rights the vendors grant in AI-generated outputs.
Pay close attention to the provisions defining and explaining vendor’s representations about outputs in an AI vendor contract. The provisions should clearly address whether you may use the output for your intended business purposes, including commercial use.
Specifically review any terms addressing copyright, legal compliance or restrictions on the use of outputs. These provisions help clarify what protections the vendor is offering and what risks may remain with the customer.
When evaluating output-related provisions, consider:
-
Whether you have the right to use outputs for your intended business and commercial purposes
-
Whether the vendor provides assurances against copyright or other infringement claims (or issues – and do not expect great assurances here since copyright laws are unsettled regarding IP ownership in, e.g., images based on an artist’s works
-
Whether any other types of restrictions apply to your use of generated outputs
-
Whether the vendor's liability and indemnification provisions adequately cover you for third-party intellectual property claims regarding the AI products
Generative AI content is valuable. Who Owns AI-Generated Content? Understanding AI Data Ownership in Generative Platforms can help you understand.
AI tools & services share some similarities with Software as a Service (SaaS) products, especially when integrated with SaaS products. Let’s now turn the focus to this type of contract and why additional review is needed.
AI Vendors May Use Standard SaaS Provisions
When reviewing AI vendor agreements, plan to evaluate them with the same contract considerations commonly negotiated in SaaS agreements, but within the context of AI use.
In these instances, you will also want your vendor contract to focus on:
-
Stated security and privacy commitments, and whether they hold up under AI-specific risks
-
Reps and warranties, and the carve-outs that could quietly undo them
-
Liability caps that could cover AI incidents (pay attention to carve-outs from your own liability cap)
-
Indemnification obligations, including whether either or both parties have confidentiality obligations that are subject to indemnification obligations for breaches of confidentiality
Taken together, these guidelines provide a solid foundation for analyzing risks and benefits of AI tool use within your organization, regardless of the type of contract used.
Now let’s consider risks to your data being handled or accessed by existing (non-AI) service providers who are also adopting AI tools right and left, facing the same risks and hurdles.
When Your Other Vendors Use Your Data in AI Tools
Beyond reviewing AI vendors directly, organizations should also consider how their existing service providers use AI tools. Outside counsel, auditors, accountants and other vendors may use AI systems as part of their own workflows, creating additional contractual and data governance risks to evaluate.
Here are some steps organizations can take to reduce this external exposure to AI tools:
-
Contractually require your third-party vendors to use only AI tools they have vetted
-
Require they evaluate and adjust their AI tools on an ongoing basis as security and other configuration options change
-
Build in a transparency obligation that requires your vendors to tell you when they're using AI in their work for you, and to maintain their own internal policies to protect your data
AI tools are certainly making the workplace more efficient, but when not properly vetted, they can introduce risk if you miss opportunities to follow some basic steps to reduce exposure. Taking the necessary steps to review all AI tools and their associated vendor contracts allows organizations to thoughtfully integrate new technology into the workplace with eyes open.
Governance Minimizes AI Risk
Organizations should also understand the legal and regulatory requirements that apply to their specific industry, data types and use cases. Governance is most effective when education, legal compliance and ongoing training work together.
We also recommend three specific steps to create strong compliance, governance and reduce your organization’s exposure to AI-related risk:
-
Make AI education a priority, which will help facilitate leadership and staff making informed decisions about tools, data types and use cases
-
Create a process for users to propose new AI tools and use cases, evaluated based on risk rather than gut feel
-
Tailor ongoing training so your AI governance policy lives in practice, not just on paper
For help in establishing strong policies and overall governance on the use of AI, reach out to ZeroDay Law.
Listen to the Decoding Cyber Law podcast for our discussion on how to properly approach AI vendor contracts.