Are AI Tools Secure? (Practical Checklist for SaaS)
"Secure" means six different things in AI procurement. Here is the practical checklist your security review should cover.
1. Data Residency and Training Opt-Out
- Where does your data physically live? (US, EU, multi-region)
- Does the vendor train models on your data? Can you opt out?
- Enterprise tiers from Anthropic and OpenAI default to no-training. Confirm in writing.
2. Encryption
- In-transit (TLS 1.2+): table stakes.
- At-rest: confirm key management — provider-managed vs customer-managed (BYOK).
- For regulated industries (healthcare, finance), customer-managed keys are usually required.
3. Access Controls
- SSO / SAML support.
- Role-based access controls.
- Audit logs for who accessed what, when.
- Session timeouts and IP allowlisting for sensitive tools.
4. Compliance Certifications
- SOC 2 Type II — minimum bar for B2B SaaS.
- ISO 27001 — common in enterprise procurement.
- HIPAA — required for US healthcare data; needs a BAA.
- GDPR / CCPA — required for any US/EU consumer data.
5. Prompt Injection and Jailbreak Risk
- If your AI tool reads user input or external content, it can be tricked.
- Prompt injection can leak system prompts, exfiltrate data, or trigger unintended actions.
- Mitigations: separate trusted vs untrusted content in prompts, use tool-use guardrails, scan outputs for sensitive data leaks.
6. Vendor and Supply Chain Risk
- Most AI tools are wrappers on Anthropic, OpenAI, or Google. Your data hits multiple parties.
- Confirm subprocessor lists and downstream agreements.
- Check vendor financial health — AI startups churn fast; lock-in is a risk.
Questions to Ask the Vendor
- Where does our data flow? List all subprocessors.
- Do you train on our data? Default and opt-out path.
- Where is data stored at rest? Encryption keys?
- What compliance certifications are current? Last audit date?
- How do you handle prompt injection?
- What is your data deletion policy on contract termination?
What to Do Next
For any AI tool touching customer data, run the full checklist before signing. For internal-only tools (you and your team), a lighter review (1-3-4-6 above) is fine.