When Your Vendors Start Thinking: Updating Risk Reviews for AI-Enabled SaaS

SaaS tools are quietly integrating artificial intelligence into their core functions. This session will explore how privacy and security teams can evolve vendor assessment processes to track and manage new risks introduced after onboarding. Especially with agents, MCP and personal AI tooling, AI adoption in the enterprise can expose complex security, privacy and compliance risks. We will review the top five risks to consider for AI-powered systems, how to appropriately review AI vendors, and what compensating controls you can put in place to protect your company. Finally, we will describe how to develop a comprehensive AI governance program by leveraging existing governance processes (e.g., for TPRM, privacy, security), stakeholders, and systems, rather than the more cumbersome, and likely less successful, approach of developing a standalone program.

What you will learn:

• The top security, privacy and compliance risks of AI and agentic systems, and how to review vendors and 3P tools appropriately. 
• How to identify shadow AI or AI misuse within your company and provide an approved safe path for adoption. 
• Guidance on developing a comprehensive AI governance program for vendors that leverages and expands on existing TPRM processes.