Are AI Tools Secure? (Practical Checklist for SaaS)

"Secure" means six different things in AI procurement. Here is the practical checklist your security review should cover.

1. Data Residency and Training Opt-Out

2. Encryption

3. Access Controls

4. Compliance Certifications

5. Prompt Injection and Jailbreak Risk

6. Vendor and Supply Chain Risk

Questions to Ask the Vendor

  1. Where does our data flow? List all subprocessors.
  2. Do you train on our data? Default and opt-out path.
  3. Where is data stored at rest? Encryption keys?
  4. What compliance certifications are current? Last audit date?
  5. How do you handle prompt injection?
  6. What is your data deletion policy on contract termination?

What to Do Next

For any AI tool touching customer data, run the full checklist before signing. For internal-only tools (you and your team), a lighter review (1-3-4-6 above) is fine.