How do I assess third-party and vendor risk for AI models and APIs?
Assessing third-party and vendor risk for AI models and APIs involves establishing policies for supply chain risks and implementing controls to manage external components throughout the AI system lifecycle. This is crucial because AI supply chain risks extend beyond traditional software packages to include skills, Model Context Protocol (MCP) servers, and plugins, which can introduce new attack surfaces.
Here are concrete controls for assessing third-party and vendor risk:
- Develop a Third-Party/Supply-Chain Risk Policy: Establish policies that specifically address risks from third-party models, datasets, and tools, including foundation-model providers, fine-tunes, and plugins. This policy should track provenance, licensing, and model-update risks. This aligns with NIST AI RMF's GOVERN function (NIST-GOVERN-6.1) and OWASP LLM03/LLM05 (Supply Chain Vulnerabilities).
- Maintain an AI System Inventory: Keep a current inventory of all AI/agent systems, including models, agents, tools, and data flows, to ensure comprehensive governance. This is a foundational control under NIST AI RMF's MAP function (NIST-MAP-1.5).
- Implement Admission Control and Runtime Inspection: For agentic systems, nothing should run until it is scanned. Implement admission control for skills, MCP servers, and plugins, and perform runtime inspection of prompts, responses, and tool calls. This helps manage risks associated with the composable and frequently changing capabilities of agentic systems.
- Evaluate Third-Party Components Before Use: Before capabilities run, scan and evaluate skills, MCP servers, and plugins. Unify scanner findings into policy decisions to apply consistent thresholds and automated actions. This provides an admission gate for extension surfaces that are often unmanaged in agent stacks.
- Establish Controls for Suppliers and Third Parties: Implement controls for suppliers and third parties within the AI value chain, encompassing model providers, data providers, and tool/plugin vendors. This is covered by ISO/IEC 42001 A.10 (Third-party relationships).
- Monitor Non-Human Identities: Recognize that non-human identities (e.g., service accounts, API keys, AI agents) often have broad permissions and operate outside traditional identity governance tools. Maintain an inventory of these identities and continuously monitor their behavior for deviations that could indicate compromise or abuse.
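The admission gate described in the two controls above (scan skills, MCP servers and plugins before they run, then unify scanner findings into a policy decision) combined with the inventory's pinned provenance, as an added example that is not part of the original answer. The severity labels, thresholds, scanner names and the sample MCP server bundle are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass
import hashlib

# One scale so findings from different scanners can be compared (assumed labels).
SEVERITY = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}
# Thresholds that turn the unified findings into an automated action.
BLOCK_AT, REVIEW_AT, MAX_LOW = SEVERITY["high"], SEVERITY["medium"], 3

@dataclass
class Component:            # inventory entry for a skill, MCP server or plugin
    name: str
    source: str             # provenance recorded in the AI system inventory
    expected_sha256: str    # digest pinned when the component was approved
    artifact: bytes         # bytes that would actually be loaded at runtime

@dataclass
class Finding:              # one scanner result, in the scanner's own label
    scanner: str
    severity: str
    title: str

def admit(component, findings):
    """Admission gate: returns ('allow' | 'review' | 'block', reasons)."""
    # 1. Provenance: loaded bytes must match the digest pinned in the inventory.
    digest = hashlib.sha256(component.artifact).hexdigest()
    if digest != component.expected_sha256:
        return "block", [f"{component.name}: digest {digest[:12]} != pinned"]
    # 2. Unify findings from every scanner onto the shared scale.
    scored = [(SEVERITY.get(f.severity.lower(), 0), f) for f in findings]
    worst = max((s for s, _ in scored), default=0)
    lows = sum(1 for s, _ in scored if s == SEVERITY["low"])
    reasons = [f"{f.scanner}: {f.severity} - {f.title}"
               for s, f in scored if s >= REVIEW_AT]
    if lows > MAX_LOW:
        reasons.append(f"{lows} low findings exceed limit {MAX_LOW}")
    # 3. Apply the thresholds: block, hold for human review, or allow.
    if worst >= BLOCK_AT:
        return "block", reasons
    if worst >= REVIEW_AT or lows > MAX_LOW:
        return "review", reasons
    return "allow", reasons

# Constructed sample: an MCP server whose pinned digest matches, with findings
# from two hypothetical scanners; the expected decision is 'review'.
_BUNDLE = b"constructed filesystem-mcp bundle 1.2.0"
SAMPLE = Component("filesystem-mcp", "https://example.invalid/mcp",
                   hashlib.sha256(_BUNDLE).hexdigest(), _BUNDLE)
SAMPLE_FINDINGS = [
    Finding("desc-scanner", "Medium", "tool description embeds model instructions"),
    Finding("secrets-scanner", "low", "test token in fixtures"),
]
```

A digest mismatch blocks regardless of findings, so a component that changes after approval (a silent model or plugin update) is caught even when every scanner is clean.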
This AI-generated answer is for guidance only — not a certification, audit, or penetration test. Grounded in the NIST AI RMF, OWASP LLM Top 10, and ISO/IEC 42001 control text; verify applicability to your environment.