R

Runway

Week 2026-W17 · 26 Apr 2026 Vendor-Neutral
29 /100 Significant Risk
1.8/5 (72)
↓ PDF Report
AUDITOR SUMMARY
  • Strength: Runway provides market-leading AI video generation capabilities that can significantly cut production time and costs for creative teams.

Trust Score Trend

12-month rolling window

Week 1 of 2 — Trust score tracking has begun

Return next week for historical trend visualization.

View all reports → or See Scoring Methodology →
Trust Score 29/100 EVALUATE
Est. Annual Cost See TCO ↓ 100 users / yr
Top Risk HIGH Reliability Overall: High
Priority Action Review report ↓ ↓ PDF  · TCO  · Hardening
Compliance
0/35
Legal / IP
15/25
Security
9/25
Market
5/15
Sub-total
29/100
Raise this score: Request SOC2 Type II report from vendor +15 pts · Require vendor to provide GDPR DPA +10 pts · Verify ISO 27001 certification +10 pts
This report updates every week. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.
02Weekly Intelligence

This Week's Intelligence

Trust 29
Security 65
Legal 30

No new events — monitoring active.

KEY TAKEAWAY

Initial audit baseline established, highlighting a critical gap between Runway's advanced technology and its immature enterprise-grade legal and compliance transparency.

This Week's Actions
  • ACTEngage Runway sales to obtain the SOC 2 Type 2 audit report.
  • ACTInitiate legal review of a custom DPA to ensure an opt-out from AI model training.
  • ACTClarify IP ownership and indemnification terms for commercially generated content.
Get alerts when Runway's score changes

Cumulative Intelligence

Patterns and signals detected over time — based on 50+ community data points from GitHub, X/Twitter, Reddit, Hacker News, Stack Overflow

Patterns Detected

  • Initial audit baseline: A recurring pattern is the discrepancy between enterprise marketing claims (e.g., SOC 2, data ownership) and the lack of supporting legal and technical documentation available publicly.

Long-term Trends

  • Initial audit baseline: Runway is on a trajectory of rapid product innovation, frequently announcing new, more powerful models, which is likely to maintain its competitive edge in the creative AI market.

Strategic Insights

Category Benchmark

How Runway compares to 2 other tools in this category.

Your Score vs Category
Worst: 27 Avg: 46 You: 29 Best: 65
33th
Percentile in Category
-36
Gap to HeyGen
↓ Below
Category Average (46)
03Verdict & Recommendation

Enterprise Verdict

× Extended Due Diligence Required
Risk: High 50 sources
Key Strength

Detailed community analysis available in report body

Required Before Approval
  • Request and review SOC2 Type II audit report
  • Execute signed Data Processing Agreement (DPA)
  • Patch 2 unresolved HIGH/CRITICAL CVE(s) before enterprise rollout

Before You Sign

Procurement checklist — complete these before committing budget.

🔴 HIGH General
Type II covers a time period of operation; Type I is a point-in-time snapshot that provides weaker assurance.
🔴 HIGH General
GDPR Article 28 requires a DPA with any processor. Without it, you carry the compliance liability.
🟡 MEDIUM General
If the tool produces content that infringes on third-party IP, you need contractual protection against infringement claims.
🟢 LOW General
Ensure you can retrieve your data within 30 days of cancellation in standard formats (CSV, JSON, API).
⚡ Complete all CRITICAL and HIGH items before contract signature. Medium/Low items can be addressed during onboarding.

Enterprise Contract Requirements

7 clauses generated from audit findings — add these to your vendor agreement before signing.

Must-Add Clauses (Top 3 Priority)

  1. AI Training Data Exclusion CRITICAL
  2. Data Processing Agreement (GDPR Article 28) CRITICAL
  3. IP Ownership & Indemnification HIGH
CRITICAL Data & AI Training AI Training Data Exclusion Expand 
Vendor shall not use Customer Data, including code, prompts, or generated outputs, to train, fine-tune, or evaluate any AI or machine learning model. This prohibition extends to all sub-processors and affiliates. Violation constitutes a material breach.
CRITICAL GDPR / Data Processing Data Processing Agreement (GDPR Article 28) Expand 
A Data Processing Agreement compliant with GDPR Article 28 must be executed prior to any data transfer. The DPA must identify all sub-processors, specify data retention periods, and provide for the right to audit.
HIGH Intellectual Property IP Ownership & Indemnification Expand 
All code, suggestions, completions, and outputs generated for Customer constitute Customer's intellectual property. Vendor shall indemnify and defend Customer against any third-party IP infringement claims arising from use of the Service.
HIGH Liability Liability Cap Expand 
Vendor's aggregate liability for any claim shall not exceed the greater of (a) fees paid in the 12 months preceding the claim or (b) $500,000. This cap shall not apply to breaches of confidentiality or indemnification obligations.
HIGH Exit & Portability Data Export & Exit Rights Expand 
Upon termination, Vendor shall provide Customer with a complete export of all Customer Data in machine-readable format (JSON or CSV) within 30 days at no charge. Vendor shall retain Customer Data for 90 days post-termination solely for export purposes.
MEDIUM Contract Terms Auto-Renewal Opt-Out Expand 
This Agreement shall not auto-renew unless Customer provides written confirmation no later than 60 days before the renewal date. Vendor shall provide written notice of upcoming renewal no later than 90 days before the renewal date.
MEDIUM Security Security Incident Notification Expand 
Vendor shall notify Customer of any confirmed or suspected security incident affecting Customer Data within 48 hours of discovery. Notification shall include nature of the incident, data affected, and remediation steps taken.
04Risk Assessment

Risk Assessment

Seven-category enterprise risk analysis derived from community and vendor signals. Each card shows the evidence tier and the underlying finding.

High Reliability Community Data

Vendor viability score: 40/100. No community-reported outages or reliability incidents found in recent data.

Critical Cost Predictability Community Data

Vendor financial stability score: 40/100. Total funding raised: unknown. Enterprises should negotiate fixed-rate contracts and monitor pricing changes.

High Vendor Lock-in Community Data

Data export status unclear. Integration score: 0/100. Webhooks available, reducing lock-in risk.

Critical Data Privacy Community Data

Compliance score: 40/100. GDPR: unknown. Encryption at rest: unknown.

Medium Compliance Posture Community Data

SOC 2: none. ISO 27001: none. Overall compliance score: 40/100.

Medium AI Transparency Community Data

No training on user data detected. Code ownership terms unclear. Legal/ToS risk score: 65/100.

Verified — Confirmed by vendor documentation or disclosure Community — Derived from developer forums, GitHub, and community reports
05Security & Compliance
Last verified: 27 Apr 2026

Compliance Framework Matrix

[EU]
EU AI Act
European AI Regulation (2024)
[US]
NIST AI RMF
AI Risk Management Framework
[Cloud]
CSA CAIQ
Cloud Security Alliance
[Global]
ISO/IEC 42001
AI Management System
not_certified
New risk signals detected weekly. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.
06Legal & Intellectual Property
Last verified: 27 Apr 2026

Exit & Migration Risk

How hard is it to leave? Assess lock-in before you commit.

Lock-in Score
50/10
🟡 MODERATE LOCK-IN
Data Portability Unknown
API Available No
Auto-Renewal Clause Not Detected
Termination Notice 30 days
⚠ Contract Red Flags
  • Auto-renewal terms and data export rights not publicly documented — verify before signing.
Migration Notes: Full contract terms for Runway require direct vendor engagement. Ensure data portability on exit, notice period, and pricing lock clauses are negotiated before execution.
07Financial Analysis

Vendor Financial Health

📈 Viability Signals
Stability: 50/100

No public financial data available for Runway. Treat as elevated viability risk for long-term enterprise contracts; request audited financials or escrow agreement if vendor is critical infrastructure.

CONFIDENTIAL TCO & FUNDING ANALYSIS

Estimated Runway Total Raised: unknown
True Total Cost of Ownership (100 Users)
Base Monthly Cost 33600
Integration & Add-on Costs
Total Annual Cost Estimate 41100

TCO Calculator

Custom TCO Assessment Required

This vendor's enterprise pricing data is currently under review by our analyst network or requires custom scoping. Contact us for a free, independent TCO assessment tailored to your organization's deployment size.

Request TCO Assessment →
Last verified: 27 Apr 2026
08Contract & Procurement

Pricing Tier Risk Analysis

Per-tier compliance posture data is being collected for this vendor. Check back after the next weekly refresh, or contact the vendor directly to request enterprise tier documentation (SOC 2, DPA, audit logs).

09Community & Market Signals

Community Evidence

Sentiment analysis and recurring issues from developer & enterprise community signals this week. 🟢 Vendor Data 🟠 Community Signal

Community Evidence This Week

Specific signals from GitHub, Hacker News, Reddit, Stack Overflow, and the web — what the community is actually saying

🔗 GitHub Issues & PRs
ci: remove legacy Runway per-platform workflows (phase 2 cleanup)
5 comments Bug 5 comments — high community engagement
chore(runway): cherry-pick 0e57cdc
5 comments Bug 5 comments — high community engagement
chore(runway): cherry-pick ci: add separate Runway OTA and native build workflows (phase 1) cp-7.75.0
4 comments Discussion 4 comments — high community engagement
🔥 Hacker News
Iran caused more extensive damage to U.S. military bases than publicly known
Story Score 0 — active HN discussion
Composition shouldn't be this hard
Story Score 0 — active HN discussion
Familiarity is the enemy: On why Enterprise systems have failed for 60 years
Story Score 0 — active HN discussion
🌐 Web Findings
Security Sicherheitsvorfall-Datenbank - security-incidents.de
Signal from web_search
Youtube_Yt_Dlp Issues - Tears On The Runway pt 2 (feat Nylo)
Signal from youtube
Security Cuberk: Recent CVE - Latest Security Vulnerabilities
Signal from web_search
Security Daily CyberSecurity •
Signal from web_search

Due Diligence Alerts

Priority reviews, recommended inquiries, and verified strengths — based on 79+ community data points

Verified Strength Low Detailed community analysis available in report body
Inferred from 79+ signals across GitHub, HackerNews, and community forums

Search Interest & Popularity Signals

Real-time data from Google Trends and VS Code Marketplace. Reflects public search momentum — not a quality indicator.

Google Search Interest
Relative index (0–100) · Last 90 days
57
This Week
100
90-day Peak
+3.6%
Week-over-Week
-5.0%
Month-over-Month

Source: Google Trends · Interest is relative to the peak in the period (100 = peak). Does not reflect absolute search volume.

Evaluation Landscape

Community members actively discussing a switch away from Runway — these tools are appearing as migration targets in developer forums and enterprise discussions. Where counts are significant, migration intent is a procurement signal worth investigating.

OpenAI Sora
Pika Labs
Kling

Side-by-Side Comparison

Runway vs. top migration targets — based on community discussion signals this week.

▶ Runway This report OpenAI Sora Pika Labs Kling
Migration Signals
Why Users Switch
Friction Point
Trust Score 29/100 Not rated Not rated Not rated
Source Swanum Analysis

Migration signals = community mentions of switching away from Runway to this alternative. Not a product endorsement.

Market Comparison

How Runway stacks up against 2 alternatives in the same category — same scoring methodology, same week.

Tool Trust Compliance
/35		 Legal/IP
/25		 Security
/25		 Market
/15		 TCO / 100 users
Runway ← this report 29 15 9 5 $41100
HeyGen 65 35 0 25 5 $29048
Luma AI 27 0 15 7 5 $125500
10Enterprise Technical & Purchase Decision

Scoring Methodology

Every score is a weighted composite. The exact formula is transparent below.

Overall Trust Score (0–100)

40% Sentiment Ratio Positive vs. negative mention ratio across all sources
25% Issue Severity Frequency and criticality of reported bugs, outages, and UX complaints
20% Source Volume & Diversity Number and diversity of data sources (Reddit, HN, GitHub, G2, etc.)
15% Momentum Week-over-week trend direction and velocity of sentiment change
Evidence Confidence: Medium (79 data points)

Sub-Score Breakdown

Dimension Score Weight Factors Data Sources
Security & Compliance 65/100 Certifications (30%), Vulnerability disclosure (25%), Data encryption (20%), Bug bounty (15%), Incident history (10%) Vendor docs, SOC 2 filings, CVE database
Legal & IP Risk 30/100 ToS data training clauses (35%), IP indemnification (25%), Liability caps (20%), Data portability (20%) Terms of Service, DPA, Privacy Policy

Data Sources This Week

Hacker News 10 signals
GitHub Issues 60 signals
YouTube 29 signals
CVE Databases 2 signals
Official Documents 14 signals
Web Search 40 signals
Don't evaluate blind next quarter. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.
Learn more about our Audit Methodology →

Independent analysis — signals aggregated from GitHub, Reddit, HN, Stack Overflow, Twitter/X, G2 & Capterra. Not affiliated with any vendor. Corrections?

© 2026 Swanum. All rights reserved. This report is provided “as is” for informational purposes only. It does not constitute legal, financial, or technical advice. Community-sourced data may contain inaccuracies. Reproduction or redistribution requires written permission. Vendors seeking corrections may contact us.

Download PDF Report

Create a free account to download the full enterprise audit PDF.

Sign up — it's free →

Already have an account? Log in