MANAGING THE RISK OF AI: THE UNSEEN RISK


Rebecca Kipp

Lead Consultant

I’ve attended countless webinars for suppliers promoting flashy new AI functionality, and my main takeaway is that AI is being sold incredibly well – which is pretty easy to do – but the risk is being shoved under the rug. AI isn’t sold like a prescription drug commercial with a 30-second readthrough of the possible symptoms that are worse than what the drug is treating while a cute puppy plays fetch next to a couple walking hand-in-hand on the beach. AI is fun and smart, advertised as a cure to solve all of the workplace headaches at little-to-no cost.

The problem is, there is absolutely a cost; it just isn’t the kind that’s billed monthly. The risk we’re focused on is baked into the supplier contracts governing corporate use of AI functionality. It’s each organization’s responsibility to educate employees on the added risk that comes with contracting with these suppliers and to tell them what review process is required before they start using AI functionality.

This is Part 1 of a 4-part series on Managing the Risk of AI. This series outlines what companies need to do to understand and mitigate the risk with suppliers that are selling and/or simply adding AI into their solutions. In Part 2, we discuss how AI has completely changed the risk analysis and mitigation landscape and how this change is forcing companies to update their risk assessment and management processes. In Parts 3 and 4, we dive deeper into what the risk really looks like and give you some advice on how you can best combat it – from both the legal and business perspective. You’re welcome to use this Series on Managing the Risk of AI to help with educating your businesspeople, especially Part 4, which is written for the business and highlights the importance of reviewing supplier contracts that govern the use of AI functionality.

How AI Rears its Head

AI is hitting the market at an exponential rate, and it’s an easy sell in almost every area. AI functionality is being advertised directly to businesspeople with ads and demonstrations on how it will make the menial parts of their job easier, faster, and almost nonexistent, while selling it for next to nothing. What could possibly be wrong with that?

Regardless of how you feel about using AI, it’s important to be aware of the contract terms that come attached and manage any associated risk. For AI, the snake in the grass is how AI is being introduced to your businesspeople, so here’s a quick overview: 

New Purchases

New purchases may be the easiest AI uses to monitor since companies typically focus on new suppliers and purchases the most when doing contract negotiations, security reviews, and overall supplier risk assessments. However, as we’ll cover in Part 2 of this series, companies that have their review process set up to only monitor contracts above a set spend are in danger of missing most of the risk that AI brings to the table.

Renewals

While companies take a magnifying glass to new suppliers and new purchases, many don’t put in the legwork when it comes to renewals, which can allow the addition of AI at renewal to go unnoticed. Technology suppliers are adding AI functionality wherever they can, sometimes to truly bolster their services, but sometimes it’s just a flashy new add-on. If business and system owners aren’t looking closely at renewals, they may commit to new functionality – and significant risk – without the necessary eyes on it.

Midterm Additions

Saving the scariest for last: We’re seeing AI being added during current contract terms at a rapidly rising rate. Suppliers are embedding functionality into their solutions at no additional cost (at least directly) and, once added, the functionality can be used at any time. In this case, updated contract terms are agreed to as soon as the use starts, holding the company to terms that have never been reviewed.

Aside from Midterm Additions, the monitoring of technology for new purchases and renewals shouldn’t be new, though we’ll discuss why it might need to look a little different for AI. Now that we’ve laid the foundation of how AI is being introduced, our next focus will be why it’s important to pay such close attention and, more specifically, why sticking with your current risk review process isn’t going to be enough.

Please join us next week as the 2025 Seprio Summer Series continues its review of many of the substantial risks associated with your company’s rapidly evolving use of AI technology.

