The State of AI Vendor Trust

An independent, continuously-updated look at the security and compliance posture of the 21 major AI and SaaS vendors Swanum monitors — built entirely from official records (auditor reports, trust centers, NVD/CISA, SEC filings).

Generated July 3, 2026 · every figure is computed deterministically from source-cited data.

AI & SaaS vendors monitored: 21
Vendors that carry an independently verified certification: 24%
Average governance readiness (/100): 84
Security & policy changes detected (last 90 days): 81

Governance readiness distribution

Enterprise-Ready: 19 (90%)
Conditional: 1 (5%)
High-Risk: 1 (5%)

Independent certification coverage

ISO 27001: 3 (14%)
SOC 2: 2 (10%)
HIPAA: 0 (0%)
PCI-DSS: 0 (0%)
FedRAMP: 0 (0%)

Coverage counts vendors with an independently verified certification (an auditor-issued report we can cite). A vendor without a verified cert here is not necessarily non-compliant — it may hold evidence behind an NDA/trust center, which we report separately on each vendor brief. Absence of published evidence is never treated as proof of non-compliance.

What changed in the last 90 days

Change type: Detected
CVE / Security Incident: 29
Sub-processor Change: 24
ToS Clause Change: 20
Governance Readiness Change: 3
SEC Cyber Incident (8-K 1.05): 3
Legal Document Unavailable: 2

These are real changes our monitoring engine flagged across the vendor set — new CVEs, certification changes, and terms-of-service updates. Explore them on the live changelog.

Methodology & sources

Governance readiness is scored deterministically across ten weighted components from official sources only — no sentiment, no LLM guesswork. See the methodology for the full breakdown, or compare vendors side by side.
