Scoring Guide

Understanding the TrustScore

A guide for risk and procurement teams — no technical background required.

AUDIENCE: CISOs · CPOs · Legal · Board | VERSION: 1.0 | UPDATED: 2026-06-20

What Is a TrustScore?

A TrustScore is a standardized rating (300–850) that measures the operational reliability of an AI vendor. It works like a credit score for a company — but for AI agents.

AI agents don't have financial statements, credit histories, or human references. Traditional procurement can't evaluate them. The TrustScore fills that gap by measuring what vendors actually do, not what they claim.

Why 300–850?

This range is intentionally familiar. Everyone in finance, legal, and procurement understands credit scores. A 300 is high risk. An 850 is exceptional. A 650 is “fair, needs monitoring.” No training required.

How Is It Different from a Credit Score?

Credit Score (Company)

  • Based on financial history
  • Updated monthly
  • Measures ability to repay debt
  • Uses bank and credit data
  • Static for months at a time

TrustScore (AI Vendor)

  • Based on operational behavior
  • Updated daily
  • Measures ability to deliver securely
  • Uses API performance, security signals
  • Dynamic — changes in real time

The Five Dimensions

Every TrustScore is the weighted sum of five observable dimensions. Each measures something different — and each matters for a different reason.

1. Payment Reliability

Weight: 25%

“Does this vendor pay its own bills?” An AI vendor that can't pay for its own compute or API subscriptions is a vendor that will shut down without warning. We monitor whether the vendor consistently settles its operational costs on time. Late or missed payments lower the score — just like a person who misses credit card payments.

2. Uptime Consistency

Weight: 25%

“Is this vendor actually working when we need it?” We measure whether the vendor's API is available, how fast it responds, and how frequently it has outages. A vendor that's down 5% of the time will fail your customers 5% of the time. We catch that before your customers do.

3. Security Posture

Weight: 20%

“Has this vendor been careless with security?” We check for exposed API keys, known vulnerabilities, breach history, and patch cadence. A vendor with exposed credentials is like a contractor who leaves your building keys at a bar. We monitor public repositories, breach databases, and security advisories in real time.

4. Contract Adherence

Weight: 15%

“Is this vendor doing what it promised?” We monitor whether vendors stay within data handling agreements, geographic restrictions, usage limits, and termination clauses. A vendor that silently exceeds your data usage limits is a liability waiting to happen.

5. Operational Longevity

Weight: 15%

“How long has this vendor been around, and does it look stable?” We measure the age of the vendor's infrastructure, consistency of operations, and historical continuity. A vendor that appeared last week has no track record. A vendor operating cleanly for two years has demonstrated stability. Pitch decks don't show this — operational history does.

Score Ranges and What They Mean

Range      Rating       Recommended Action
800–850    Exceptional  Preferred vendor — fast-track procurement, auto-renewal eligible
750–799    Excellent    Standard onboarding, routine monitoring
700–749    Good         Acceptable for most use cases, quarterly review
650–699    Fair         Monitor closely, require enhanced SLA, monthly check-in
600–649    Marginal     Restrict from sensitive data, monthly review required
550–599    Poor         Block from customer-facing systems, remediation plan required
500–549    Very Poor    Immediate CISO escalation, consider vendor termination
300–499    Critical     Block all access immediately, activate incident response

Score Changes: What to Watch

Point-in-time scores matter. Trends matter more. These signals drive automatic policy enforcement when configured.

+50 pts

Vendor improving significantly. Good signal for contract renewal, expanded access, or removal from enhanced monitoring list.

−50 to −100

Warning sign. Investigate within 48 hours. Likely caused by a security finding or uptime degradation. Review vendor communications.

−100 pts

Critical alert. Immediate CISO escalation. Possible breach, key exposure, or vendor financial instability. Consider temporary suspension.

−260 pts

Catastrophic decline. Switch vendors. The platform will auto-block if policy is configured. Indicates a serious security or operational failure.

N/A

Score unavailable. Vendor not in our database. Requires manual review or vendor self-submission before access is granted.
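To make the model above concrete, here is an added reference implementation of the weighted-sum score, the rating bands and the score-change alerts; it is an illustration written for this guide, not TrustVerify AI's own code. It assumes each of the five dimensions is a 0.0–1.0 sub-score, that the composite maps linearly onto 300–850, and that each score-change threshold applies at or beyond the stated number of points.

```python
# Added reference implementation of the weighted-sum TrustScore (not
# TrustVerify AI's code). Assumed: each dimension is a 0.0-1.0 sub-score,
# the composite maps linearly onto 300-850, and each score-change threshold
# applies at or beyond the stated number of points.
WEIGHTS = {                                   # the five dimensions
    "payment_reliability": 0.25,
    "uptime_consistency": 0.25,
    "security_posture": 0.20,
    "contract_adherence": 0.15,
    "operational_longevity": 0.15,
}
SCORE_MIN, SCORE_MAX = 300, 850

# Score ranges from the guide: (lower bound, rating, recommended action)
BANDS = [
    (800, "Exceptional", "Preferred vendor: fast-track procurement"),
    (750, "Excellent", "Standard onboarding, routine monitoring"),
    (700, "Good", "Acceptable for most use cases, quarterly review"),
    (650, "Fair", "Monitor closely, enhanced SLA, monthly check-in"),
    (600, "Marginal", "Restrict from sensitive data, monthly review"),
    (550, "Poor", "Block from customer-facing systems, remediation plan"),
    (500, "Very Poor", "Immediate CISO escalation, consider termination"),
    (300, "Critical", "Block all access, activate incident response"),
]

def trust_score(dimensions):
    """Weighted sum of the five sub-scores, scaled to 300-850; None = N/A."""
    if set(WEIGHTS) - set(dimensions):
        return None                           # not all dimensions observed
    if any(not 0.0 <= dimensions[k] <= 1.0 for k in WEIGHTS):
        raise ValueError("dimension sub-scores must lie in [0, 1]")
    composite = sum(WEIGHTS[k] * dimensions[k] for k in WEIGHTS)
    return round(SCORE_MIN + composite * (SCORE_MAX - SCORE_MIN))

def rating(score):
    # An unscored vendor (N/A) needs manual review before access is granted.
    if score is None:
        return ("N/A", "Manual review or vendor self-submission required")
    return next((label, act) for floor, label, act in BANDS if score >= floor)

def change_alert(previous, current):
    # Classify a score movement between two observations (e.g. day over day).
    if previous is None or current is None:
        return "N/A"
    delta = current - previous
    if delta <= -260:
        return "catastrophic"                 # switch vendors / auto-block
    if delta <= -100:
        return "critical"                     # immediate CISO escalation
    if delta <= -50:
        return "warning"                      # investigate within 48 hours
    return "improving" if delta >= 50 else "stable"
```

A vendor scoring 0.9, 0.95, 0.6, 0.8 and 0.5 on the five dimensions lands at 728 ("Good"), and a drop to 620 the next day would raise a "critical" alert.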

How We Protect Against Gaming

Vendors cannot buy a better score. All inputs are derived from observable operational behavior, not self-reported data.

Anti-Gaming Policy: Our anomaly detection identifies artificial inflation attempts — manufactured transactions, hidden downtime, credential rotation purely for scoring purposes — and applies automatic penalties. The scoring algorithm is audited quarterly by an independent third party. Audit methodology is available to Enterprise customers under NDA.

Your Role in the Process

TrustVerify AI provides the score. You set the policy. The platform enforces it automatically — but you control the thresholds.

Thresholds are configurable by your team and tuned to your industry during onboarding.