You are Only as Safe as Your Suppliers: Governing Third-Party AI and Cyber Risk

As companies and institutions rapidly deploy artificial intelligence, regulators, attackers and plaintiffs are increasingly focusing on the vendors behind the models. From foundation model providers and AI APIs to data labeling firms and embedded tools, today’s AI supply chains introduce privacy, security and governance risks that traditional third-party programs were not designed to address. This session explores how AI governance, supplier cybersecurity and privacy risk are converging and what companies must do now to manage this expanded risk surface. Drawing on real-world scenarios, the speakers will walk through three common supplier-driven AI failures and examine how governance, contracting and cross-functional oversight could have mitigated the harm.

What you will learn:

• How AI supply chains differ from traditional SaaS vendor relationships and why that matters for risk ownership.
• Practical approaches to integrating AI risk into existing vendor cyber and privacy programs.
• What legal, privacy and security teams should focus on in diligence, contracting and ongoing oversight.