MANAGING THE RISK OF AI: PART II - THE GAME HAS CHANGED
In the same way Michael Jordan revolutionized basketball and helped redefine how the world views athletes, AI has changed the technology game in an unprecedented way. And while this is amazing in many ways, the way most companies view and manage risk for technology agreements isn’t going to be enough in this new world.
While Artificial Intelligence is the stuff of science fiction, AI has morphed and broadened quickly into something unique. This is why we no longer write “A.I.,” which is technically correct. AI is the future of the workplace – it is the new assistant, the doer of menial tasks, and the pill for all workplace headaches. What makes this medicine even sweeter is that it’s being introduced to the workplace as inexpensive add-ons that enhance existing functionality.
At Seprio, we have a Client that has defined Tail Spend as $100,000 and below. If you’re unfamiliar with the term “Tail Spend,” it generally refers to low dollar purchases that slide past the gatekeepers that are assessing risk, negotiating terms, and managing larger contracts. This Client says that any contracts above $100,000 will go through the Sourcing process, which will involve all necessary reviews, like Legal’s review of the contract and Information Security’s completion of a security review. Any contract under $100,000 is Tail Spend, and therefore, it has a “Tail Contract” that doesn’t get the same, or any, risk assessment.
Our Client brought us in to review all Tail Contracts, which has saved them from significant, almost unseen, risk coming from the AI functionality. These Tail Contracts are being reviewed for the first time, and the Client is quickly realizing that Supplier Governance is the next step to changing how they do things.
Higher Spend ≠ Higher Risk
Other technology agreements generally line up with the “higher spend = higher risk” assumption that Tail Spend inherently makes. Corporate risk in today’s age usually comes from data and how it’s processed and stored. Before AI, the riskier data was generally provided to and processed and stored by the suppliers that charged the most money. This is not the case with AI, and that is how AI is revolutionizing the game.
Risk does not directly correlate with spend for AI.
While we’re seeing most full AI software cost between $20,000 and $80,000 (or more), with custom solutions costing much more, the bulk of AI functionality coming to the market only costs between ~$0 and $15,000 annually. This is because the majority of AI functionality hitting the workplace now is functionality that is added to existing software, which requires less development from the suppliers or their third-party providers.
These add-ons include functionality like chatbots, image recognition capabilities, predictive analytics, machine learning frameworks, model training and refinement, and other embedded functionalities. These lower-complexity developments cost suppliers between $2,000 and $300,000 to develop. AI is so hot on the market right now that adding these features for free or at a low rate is driving sales, and suppliers aren’t having to charge for these developments directly, though they are often “restructuring” their prices when the contracts come up for renewal.
The thing about AI, though, is that the risk for the business doesn’t match the complexity of the AI development, meaning it doesn’t directly correlate with spend. What’s worse is that the low complexity AI can be even riskier for the business than high complexity AI.
The last two parts of this Series will dive deeper into the risks, but data is the lifeblood of AI, and corporate data is valuable. The data that goes into these low-complexity developments can be just as confidential or important as data that goes into a $500,000 customized solution, but the contracts (and therefore, the risk) aren’t being monitored the same way.
Tail Contracts
You may have thought the earlier example of the $100,000 Tail Spend was laughably low, or you may have thought it was astronomically high because your company is closer to $20,000. The bottom line is that if your company has a Tail Spend amount, it’s probably higher than $15,000.
In these Tail Contracts, suppliers are able to disclaim risk, and these disclaimers fly under the radar because the cost to the business is so low. The low complexity of development doesn’t mean that there is lower-risk data going into the solution.
Unless it’s a highly complex AI software or customized solution (which is currently farther behind in development and not as readily available), it is going to fall under most companies’ Tail Spend and the risk will not be understood or even known, giving the business no chance to manage or mitigate the risk. In Part 1 of Managing the Risk of AI, we said new purchases are usually the most reviewed. However, if Tail Contracts aren’t being reviewed, no protection exists.
The truth is that there isn’t a one-size-fits-all solution to handle the risk of AI. What it comes down to is updating your processes and educating your businesspeople. This Campaign to explain Supplier Governance is the best first step we can offer. We’ll talk more about what the risk really looks like in the rest of this Series, but we want to make one thing crystal clear: Your company’s current risk management process probably isn’t set up to handle AI if it’s based solely on spend.
Please join us next week as the 2025 Seprio Summer Series continues its review of many of the substantial risks associated with your company’s rapidly evolving use of AI technology.