Vendor Risk Snapshot
A source-cited vendor risk snapshot with explicit gaps and recommended next steps.
What you get
Aggregates a vendor's public security, privacy, data-processing, and compliance signals into a structured snapshot. Given a vendor name, an optional homepage, the intended use, and a data sensitivity class, it returns categorized public signals (security certifications, DPA, residency, SLA, incidents, subprocessors, encryption, access controls, regulatory, reputation), each with an evidence type (vendor claim, third-party reported, or unverified), a risk level, and source URLs, plus the missing diligence items and recommended next steps. This is NOT a formal compliance certification: it surfaces only what is publicly claimed and visible, and a statement on the vendor's own trust portal is reported as a claim, not as a verified fact. Input schema fields: vendor_name, vendor_homepage, intended_use, data_sensitivity, output_language.
- Vendor risk snapshot markdown
- Structured JSON with source manifest
When to use
- The buyer is evaluating a third-party vendor and needs public-source diligence.
- The agent has a vendor name but lacks structured public security/privacy intelligence.
When not to use
- The task is performing or replacing a formal SOC 2, ISO, or HIPAA audit; the snapshot only collects public signals.
- The buyer expects a final compliance verdict without independent review; vendor claims are surfaced as claims, not verified.
How it works
Sources consulted:
- Vendor trust portal
- Public privacy policy
- Press incident reports
- Status pages
Pipeline:
- Build vendor + compliance queries
- Dedupe web results
- Ground LLM categorization in source URLs
- Surface evidence type, risk level, and gaps
Output fields:
- Categorized signals
- Evidence type
- Source URLs
- Missing diligence items
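The dedupe, evidence-typing and gap-surfacing steps above, as an added worked example. This is illustrative code written for this page, not the product's own implementation: the category list comes from the page, but the evidence-type rule (a URL on the vendor's own host is a vendor claim, any other host is third-party reported, no URL is unverified), the risk ladder, the next-step wording and the sample search results are all assumptions made here.

```python
"""Added example for this page, not the product's code.
Assumed: evidence-type rule by URL host, risk ladder, and constructed sample results."""
import json
from urllib.parse import urlsplit

# Signal categories listed on the page; order only affects report layout.
CATEGORIES = ["security_certifications", "dpa", "residency", "sla", "incidents",
              "subprocessors", "encryption", "access_controls", "regulatory", "reputation"]

# Assumption: risk implied by the best evidence available for a category.
RISK_BY_EVIDENCE = {"third-party reported": "low", "vendor claim": "medium", "unverified": "high"}
RISK_ORDER = ["low", "medium", "high"]


def host_of(url):
    """Lower-cased host with userinfo, port and a leading 'www.' stripped."""
    host = urlsplit(url).netloc.lower().split("@")[-1].split(":")[0]
    return host[4:] if host.startswith("www.") else host


def normalize_url(url):
    """Dedupe key: scheme + host + path; trailing slash, query and fragment dropped
    (tracking parameters otherwise make one page look like several sources)."""
    p = urlsplit(url.strip())
    path = p.path.rstrip("/") or "/"
    return f"{p.scheme.lower()}://{host_of(url)}{path}"


def dedupe(results):
    """Keep the first result per normalised URL; URL-less results dedupe on their text."""
    seen, out = set(), []
    for r in results:
        key = normalize_url(r["url"]) if r.get("url") else ("text", r["text"].strip().lower())
        if key not in seen:
            seen.add(key)
            out.append(r)
    return out


def evidence_type(result, vendor_host):
    """Assumed rule: vendor's own domain (or a subdomain) is a claim, any other host is
    third-party reported, and a signal with no URL cannot be checked at all."""
    if not result.get("url"):
        return "unverified"
    h = host_of(result["url"])
    if h == vendor_host or h.endswith("." + vendor_host):
        return "vendor claim"
    return "third-party reported"


def build_snapshot(vendor_name, vendor_homepage, results):
    """Categorised signals, per-category risk, source manifest, gaps and next steps."""
    vendor_host = host_of(vendor_homepage)
    signals = {c: [] for c in CATEGORIES}
    manifest = {}
    for r in dedupe(results):
        et = evidence_type(r, vendor_host)
        signals[r["category"]].append({"text": r["text"], "evidence_type": et, "url": r.get("url")})
        if r.get("url"):
            entry = manifest.setdefault(normalize_url(r["url"]), {"evidence_type": et, "categories": []})
            entry["categories"].append(r["category"])
    risk, gaps, next_steps = {}, [], []
    for c in CATEGORIES:
        if not signals[c]:
            risk[c] = "unknown"
            gaps.append(c)
            next_steps.append(f"Request {c} evidence from {vendor_name}; nothing public was found.")
            continue
        best = min({RISK_BY_EVIDENCE[s["evidence_type"]] for s in signals[c]}, key=RISK_ORDER.index)
        # Assumption: a third-party-reported incident is a finding, not reassurance.
        if c == "incidents" and any(s["evidence_type"] == "third-party reported" for s in signals[c]):
            best = "high"
        risk[c] = best
        if best == "medium":
            next_steps.append(f"Ask {vendor_name} for independent attestation of its {c} claims.")
        elif best == "high" and c != "incidents":
            next_steps.append(f"Find a checkable source for {c}; current signals cite none.")
    return {"vendor": vendor_name, "signals": signals, "risk_level": risk,
            "source_manifest": manifest, "missing_diligence_items": gaps, "next_steps": next_steps}


# Constructed sample search results (not real data); the second entry is a
# duplicate of the first once the URL is normalised.
SAMPLE_RESULTS = [
    {"category": "security_certifications", "url": "https://www.example-vendor.com/trust/",
     "text": "SOC 2 Type II report available under NDA"},
    {"category": "security_certifications", "url": "https://example-vendor.com/trust?utm_source=x",
     "text": "SOC 2 Type II report available under NDA"},
    {"category": "dpa", "url": "https://legal.example-vendor.com/dpa", "text": "Standard DPA with SCCs"},
    {"category": "incidents", "url": "https://news.example.org/2023/vendor-outage",
     "text": "Multi-hour outage reported"},
    {"category": "encryption", "url": None, "text": "Claims AES-256 at rest"},
]

if __name__ == "__main__":
    print(json.dumps(build_snapshot("Example Vendor", "https://www.example-vendor.com", SAMPLE_RESULTS), indent=2))
```

The host check is the only thing separating a claim from corroboration, so it is worth being strict about it: a vendor's own subdomain (legal., trust., status.) still counts as the vendor speaking, while a press or status-aggregator page on another host is what lifts a category to third-party reported. Anything without a URL stays unverified and never improves the risk level, which is what keeps the snapshot honest about gaps.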