This tool is not currently part of our weekly active audit cycle

You are viewing historical data. We actively monitor only the top 20 enterprise AI tools. If you need a fresh, up-to-date risk intelligence report for Exa, let us know and we'll prioritize it.

01 Trust Score

Exa

Week 2026-W17 · 26 Apr 2026 Vendor-Neutral
30/100 Significant Risk
▼ 28 pts ⚠
2.3/5 (2855)
Exa, an AI search engine, presents a mixed profile for enterprise adoption. While it offers specialized neural search capabilities and API-first integration for AI agents, critical gaps in security, legal transparency, and financial health are evident. The platform's low compliance score (40) and absence of public SOC 2 certification raise immediate security concerns. Furthermore, the vendor's terms of service are opaque regarding AI training data, IP ownership, and data retention, creating significant legal and compliance liabilities. Financial stability is also a concern, with an unknown funding status and a 'risky' recommendation. Performance issues, such as slow summary generation and broken codesearch tools, are reported by the community. These factors collectively indicate a high overall risk, necessitating extensive due diligence and contractual hardening before any significant enterprise deployment.
Trust Score: 30/100 (EVALUATE)
Est. Annual Cost: $18,316/year for 100 users
Top Risk: MED Data Privacy · Overall: High
Priority Action: AI Training Data Policy Not Explicitly Disclosed in ToS
Enterprise: No DPA · Residency: Vendor-Controlled · Lock-in: High (75/100)

Verified Compliance Facts

Cited and timestamped — every claim traceable to an official vendor source.

No verified facts available for this vendor yet.

Enterprise Verdict

× Extended Due Diligence Required
Risk: High 50 sources
Key Strength

Detailed community analysis available in report body

Priority Action

AI Training Data Policy Not Explicitly Disclosed in ToS

This report updates every week. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.
02 Top Risks

Risk Assessment

Seven-category enterprise risk analysis derived from community and vendor signals. Each card shows the evidence tier and the underlying finding.

Medium Data Privacy Community Data

Medium risk — DPA available but specific data handling clauses need review. Derived from aggregated community data.

Medium Compliance Posture Verified

Medium risk — certifications partially verified, residual gaps remain. Based on verified vendor documentation.

Medium Vendor Lock-in Community Data

Medium risk — some export options exist but depend on vendor cooperation. Derived from aggregated community data.

Medium AI Transparency Community Data

Medium risk — some AI governance signals found but not fully verified. Derived from aggregated community data.

Medium Reliability Community Data

Medium risk — limited reliability data; monitor SLA adherence. Derived from aggregated community data.

Medium Cost Predictability Verified

Medium risk — base pricing clear but add-on/usage costs not fully transparent. Based on verified vendor documentation.

Verified — Confirmed by vendor documentation
Community — Derived from community reports

Due Diligence Alerts

Priority reviews, recommended inquiries, and verified strengths — based on 75+ community data points

Recommended Inquiry Critical AI Training Data Policy Not Explicitly Disclosed in ToS
Recommended Inquiry High Opaque Data Lifecycle
Recommended Inquiry High Unclear IP Ownership over Generated Outputs
Recommended Inquiry High No Public Indemnification Terms
Recommended Inquiry High No Public SOC 2 Certification Documented
03 Security & Compliance

Security & Compliance

SOC 2 ✕ Not found
ISO 27001 ✕ Not found
GDPR Not documented
HIPAA ✕ Not found

Data Security

Encryption (At Rest): Not publicly specified
Encryption (In Transit): Not publicly specified

Security Features

SSO
MFA Methods not specified in public documentation
Audit Logs

Enterprise Contract Intelligence

DPA availability, data residency, and contract risk signals for procurement teams

No DPA · Residency: Vendor-Controlled · Lock-in: High (75/100)
📄 Data Processing Agreement Not Public

DPA not publicly available; procurement teams must request a signed Data Processing Addendum directly from the vendor before contract execution to ensure compliance with data protection regulations.

🌐 Data Residency Vendor-Controlled
Default: US (inferred from company operations)

Data residency options are not publicly documented. This lack of transparency poses a significant procurement blocker for EU and other regulated customers requiring specific data sovereignty controls and cross-border transfer mechanisms. Without explicit documentation, data is assumed to be processed in the US, which may not meet all regional compliance requirements.

⚠️ Contract Risk High Lock-in (75/100)
Data export on exit: No ⚠
⚠ 5 contract risk flags
⚠ Undisclosed data export policy
⚠ Opaque data deletion timeline
⚠ Unclear IP ownership over generated outputs
⚠ No public indemnification terms
⚠ Lack of documented termination notice periods

The contract terms present a high lock-in risk (score 75) due to undisclosed policies on data portability, deletion, and IP ownership. The absence of clear auto-renewal or unilateral change clauses also creates uncertainty. Termination notice days are not specified. A thorough legal review and specific contractual amendments are required to mitigate these risks before contract execution.

Compliance & Document Matrix

🛡️ Security Certifications

Certification Status Auditor Valid Until Source
⏳ Scanning in progress — check back after next weekly audit.

🔒 Data Privacy Documents

Document Status URL AI Assessment
Sub-processors ❌ Not Found ❌ Not found
AI/Model Training Policy ❌ Not Found — Unclear
Data Retention Policy ❌ Not Found ❌ Not found
Data Flow Diagram ❌ Not Found
GDPR Compliance Statement ❌ Not Found ❌ Not found
KVKK Compliance Statement ❌ Not Found ❌ Not found
CCPA Compliance Statement ❌ Not Found ❌ Not found

⚖️ Legal Contracts

See Legal & IP Assessment section above for full analysis of ToS, DPA, MSA, SLA, EULA, and AUP.

🔧 Operational Readiness

Document Status URL AI Assessment
Business Continuity Plan (BCP) ❌ Not Found ❌ Not found
Disaster Recovery Plan (DRP) ❌ Not Found ❌ Not found
Incident Response Plan ❌ Not Found ❌ Not found
3rd Party Penetration Test ❌ Not Found ❌ Not found

📋 Technical Transparency

Document Status URL AI Assessment
SBOM ❌ Not Found ❌ Not found
OSS License Inventory ❌ Not Found ❌ Not found
Vulnerability Management Policy ❌ Not Found ❌ Not found
Patch Management Policy ❌ Not Found ❌ Not found
Offboarding / Data Export Guide ❌ Not Found ❌ Not found
SIG Questionnaire ❌ Not Found
CAIQ ❌ Not Found

💰 Financial Resilience

Item Status Details
Cyber Liability Insurance ❌ Not Found ❌ Not mentioned
TCO Disclosed ✅ Available Annual: $18,316/year for 100 users
04 Community Signals

Community Intelligence

Recurring issues and curated signals from GitHub, Hacker News, Reddit, Stack Overflow, web sources, and enterprise review platforms.

Recurring Issues

[FEATURE] Enhance search and scraping capabilities — add a Playwright/Jina Reader/Exa fallback chain 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub
feat(llm): pluggable web search providers (Exa, Tavily, SearXNG) 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub
exa, eza: add Simplified and Traditional Chinese translation and mention `exa` is no longer maintained 🟠 Community 2 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 2 comments.

Sources: GitHub
AIX-35 PR4: Exa enrichment stage + citation persistence 🟠 Community 2 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 2 comments.

Sources: GitHub
U.S. Mint Buys Drug Cartel Gold and Sells It as 'American' 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN
The West forgot how to make things, now it’s forgetting how to code 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN

05 Financial Impact

Financial Impact Panel

Cost intelligence and pricing signals for enterprise procurement decisions

Free

$0
1 user
  • 1,000 requests per month

Search

$7 /1k requests
Custom
  • Real-time search data (up to 10 results)
  • Webpage text and highlights
  • Configurable latency: 180ms to 1s

Deep Search

$12 /1k requests
Custom
  • Research with structured outputs
  • Optimized for complex queries
  • Multi-step agent workflows

Contents

$1 /1k pages per content type
Custom
  • Full page web contents
  • Token efficient highlights
  • Configurable livecrawl policies

Monitors

$15 /1k requests
Custom
  • Track new events and updates across the web
  • Runs searches at a specified cadence
  • Receive updates with webhooks

Answer

$5 /1k requests
Custom
  • Fast web grounded answers
  • Streaming responses
  • Web grounded citations

Enterprise

Contact Sales
Custom
  • High volume
  • Custom datasets
  • Enterprise security
  • SLAs and MSAs
  • Volume discounts

The pricing model is consumption-based, with costs per 1,000 requests or pages. This can lead to unpredictable costs for high-volume or complex AI agent workflows if not carefully managed. The free tier is limited to 1,000 requests per month, which is quickly exhausted in enterprise scenarios. Additional results and AI page summaries incur extra charges. Enterprise pricing requires direct contact, indicating potential for opaque negotiations and custom terms.

Pricing data from public sources — enterprise rates differ. Verify with vendor.

Swanum Independent Estimate (100 users)

Base subscription (monthly × 12) $693 × 12
Implementation $5000
Training $2000
Integration $3000
Total Annual TCO $18,316/year for 100 users

Base $693/mo × 12 = $8316 + Implementation $5000 + Training $2000 + Integration $3000 = $18316 total. This estimate assumes 100 users each making 1000 'Search' requests per month, exceeding the free tier. Cost factors that may not be immediately visible in initial pricing include potential overage for deep search or content extraction, and costs for custom datasets or higher rate limits at the Enterprise tier. The estimate does not account for potential re-platforming costs if vendor viability becomes an issue.

Synthesized from 20+ independent public sources: developer forums & repositories, security databases, vendor disclosures, regulatory filings, and community review platforms. Not affiliated with any vendor.
