The State of AI Vendor Trust
An independent, continuously-updated look at the security and compliance posture of the 21 major AI and SaaS vendors Swanum monitors — built entirely from official records (auditor reports, trust centers, NVD/CISA, SEC filings).
Governance readiness distribution
Independent certification coverage
Coverage counts vendors with an independently verified certification (an auditor-issued report we can cite). A vendor without a verified cert here is not necessarily non-compliant — it may hold evidence behind an NDA/trust center, which we report separately on each vendor brief. Absence of published evidence is never treated as proof of non-compliance.
What changed in the last 90 days
| Change type | Detected |
|---|---|
| CVE / Security Incident | 29 |
| Sub-processor Change | 24 |
| ToS Clause Change | 20 |
| Governance Readiness Change | 3 |
| SEC Cyber Incident (8-K 1.05) | 3 |
| Legal Document Unavailable | 2 |
These are real changes our monitoring engine flagged across the vendor set — new CVEs, certification changes, and terms-of-service updates. Explore them on the live changelog.
Methodology & sources
Governance readiness is scored deterministically across ten weighted components from official sources only — no sentiment, no LLM guesswork. See the methodology for the full breakdown, or compare vendors side by side.