Competitive positioning, enterprise FAQ, and glossary for sales and procurement conversations.
Cyber risk ratings based on a company's external security posture — DNS, network, website hygiene.
They rate the company's website. We rate the AI agent's actual operational behavior. A vendor can score A+ on BitSight and still go dark tomorrow if they can't pay their compute bills.
Third-party risk management — send questionnaires, collect documentation, manage risk registers.
They rely on self-reported data. We observe actual behavior. An annual questionnaire doesn't catch API keys leaked on GitHub at 3 AM.
Monitor your cloud infrastructure — misconfigurations, vulnerabilities in your AWS/Azure/GCP environment.
They monitor what's inside your environment. We monitor external AI vendors that have access to your environment. Complementary, not competing.
Govern internal AI models — bias detection, explainability, internal AI audit trails.
They assess the AI you build. We assess the AI you buy. Most enterprises have far more external AI vendors than internal models.
No. We monitor vendor behavior through public APIs, network traffic analysis, and publicly available signals. We do not access your customer data, documents, or internal systems. Onboarding requires only an API connection to your procurement or IT system for vendor discovery — we read vendor metadata, not content.
Security ratings assess a company's external security posture — their website, open ports, DNS records. We assess the actual operational behavior of AI vendors: uptime, payment reliability, contract adherence, and security incidents. A vendor can score A+ on BitSight and still go dark tomorrow. We measure what actually predicts vendor failure.
No. All inputs are derived from observable operational behavior, not self-reported data. Our anomaly detection identifies artificial inflation attempts and applies automatic penalties. The algorithm is audited quarterly by an independent third party. The methodology is available to Enterprise customers under NDA.
You receive an immediate alert via your configured channels (email, Slack, ServiceNow). If you have automated policies configured, the system can block or restrict the vendor automatically. For example: “If score drops more than 100 points in 30 days, create a P2 incident and notify the CISO.” You define the thresholds; we enforce them.
Yes, available in Enterprise tier. We deploy a containerized version in your environment with no external data transmission. All scoring runs locally using our engine. Standard cloud deployment: 2 weeks. On-premise: 4–6 weeks. No code changes required on your end.
Standard cloud deployment: 2 weeks. On-premise: 4–6 weeks. Our 30-day pilot starts with shadow AI discovery (no integration required for phase one) so you can see value before integration work begins.
We integrate with them. TrustVerify AI feeds scores into your existing Salesforce, ServiceNow, or SAP Ariba workflows via REST API and webhooks. Scores appear in the systems your team already uses — not a new dashboard they have to log into daily.
We are GDPR and CCPA compliant today. HIPAA Business Associate Agreements (BAAs) are available for healthcare customers. A SOC 2 Type II audit is in progress (target Q4 2026). We do not retain customer data content — only metadata. Full details are in our Security Whitepaper.
Annual subscription based on number of vendors monitored. Predictable, no usage surprises: Starter ($2K/month, 50 vendors), Professional ($8K/month, 250 vendors), Enterprise ($25K/month, unlimited). Custom pricing available for MSPs, government, or high-volume use cases. All plans include a 30-day pilot.
Yes. The Trust Discovery Pilot is 30 days at no upfront cost. It includes full Professional tier access, a shadow AI discovery report, vendor risk assessments, policy recommendations, and an executive summary for your board. We invoice only if you convert to an annual contract. Pilot conversion target: 60%+.