
Third-Party Risk Management (AI)

Reviewed 9 April 2026. Canonical definition.

Third-party risk management for AI covers the governance of risks introduced by external AI vendors, foundation model providers, MCP server operators, and tool integrators. It includes vendor security assessments, contract review for data handling obligations, ongoing monitoring of third-party service behaviour, and contingency planning if a third-party dependency is compromised or discontinued.