u/ColleenReflectiz

Gartner says by 2028, 70% of orgs will use AI on both sides of vendor assessments. Vendors generate responses with AI, security teams analyze with AI.

So AI is analyzing AI-generated content compounds errors. Responses look consistent but detached from actual vendor environments.

Faster questionnaires don't help when the model is broken. Vendor passes Monday, gets owned Tuesday, next review is in 12 months.

How are you actually validating third-party risk beyond what vendors self-report? Or still trusting faster AI paperwork?