There's a ritual every security and procurement team knows. A vendor sends over their SOC 2 report. Someone skims the exceptions, confirms the scope and the dates, files it in the GRC tool, and checks the box. Renewal handled. Risk accepted.
That ritual is quietly out of date — and the gap it leaves is exactly the kind a regulator or a breach tends to find first.
Because here is what a SOC 2 report does not tell you: whether that vendor has wired AI into the product you depend on, what your data does once it reaches a model, and whether anyone on their side is governing it.
What SOC 2 actually attests — and what it doesn't
A SOC 2 report is an auditor's opinion on whether a vendor met defined criteria for security, availability, processing integrity, confidentiality, or privacy over a window of time. It is useful. It tells you the vendor has access controls, change management, and monitoring that an independent party looked at.
It says nothing about AI model risk. It doesn't tell you whether the vendor trains models on your data, whether their AI features were even in scope for the audit, whether they test those models for failure or manipulation, or whether a subprocessor three layers down is quietly running your customers' information through a large language model. The Trust Services Criteria were not written for any of that. And most of the reports sitting in your folder predate the vendor's AI features entirely.
So you are holding an attestation about the building's locks, for a product that has quietly grown a new door.
The questions your vendor file can't answer
Most firms discovered AI inside their own walls before they thought to ask about it in their vendors'. The vendors moved just as fast. The support tool added an AI assistant. The analytics platform started "enriching" records with a model. The roadmap now routes your data through inference you never reviewed and never approved.
Here are the questions a vendor file should be able to answer, and almost never can:
- Which of your products or features use AI, and which of them touch our data?
- Do any of your subprocessors or downstream vendors run our data through AI models? (Fourth-party AI is the layer nobody maps.)
- Is our data used to train, fine-tune, or improve your models — and can we opt out in writing?
- What happens to our data at inference: is it retained, logged, or reviewed by a human?
- How do you test your models for failure, bias, and manipulation such as prompt injection — and will you share the results?
- Who owns AI governance on your side, and does your incident-response process notify us when an AI system fails?
- Can you show alignment to a recognized framework — NIST AI RMF or ISO 42001 — or is "we take security seriously" the entire answer?
If your largest vendor can answer all seven cleanly, you have a mature partner. In practice, most can answer two.
Enterprise already buys its way out of this. Mid-market hasn't.
Large firms have started spending to close the gap. Vendor-AI-inventory platforms now scan a company's supplier network and surface the AI nobody catalogued — in one published case, a single financial-services firm's vendor network turned up dozens of AI models and dozens of vulnerabilities that had never once appeared in a security questionnaire.
Mid-market firms don't have that. They have a SOC 2 folder, a questionnaire written in 2022, and a renewal calendar. The result is a structural blind spot, and it runs the wrong way: the smaller you are, the more of your operation rides on vendors — and the less visibility you have into the AI those vendors just switched on.
That is the gap I close. Not with a platform license, but with a quarterly vendor AI diligence pass that maps which suppliers use AI, what your data does inside them, and which ones can't answer the seven questions. It rides alongside the SOC 2 review you already run. It just asks the half of the question your current process skips.
What we find when we look
The pattern is consistent, and counterintuitive. The vendor everyone trusts most — the one with the cleanest SOC 2 — is often the one that moved fastest on AI, because capable engineering teams adopt new capability quickly. The spotless audit and the unreviewed AI feature live inside the same vendor. The report told you the truth. It just answered last year's question.
The takeaway
A SOC 2 report answers "is this vendor's environment controlled?" It was never built to answer "what is this vendor's AI doing with our data?" In 2026, the second question is the one that shows up in a board packet, a regulator's exam, or a breach post-mortem — usually after it would have been cheap to ask.
If you want the one-page vendor AI risk scorecard — the seven questions above, formatted to drop straight into your next vendor review — message me and I'll send it over, no pitch attached. And if you'd rather see how a quarterly vendor AI diligence pass actually works, that's what RedOps does for regulated mid-market firms: redops.ai.