The 2026 Black Kite Third-Party Breach Report found that for every vendor breached, an average of 5.28 downstream organizations were compromised, the highest cascading impact on record, with a 117-day median gap between breach occurrence and public disclosure.
In a growing number of those incidents, the vector was an AI tool: a productivity application connected to corporate identity infrastructure, a generative AI service with access to sensitive data, a vendor-side model operating without visibility or governance on either end of the relationship. The NIST AI RMF’s guidance on third-party risk management is more explicit about this than most programs currently reflect.
Regulators have acted on this. In May 2025, the Pennsylvania Attorney General settled with Home365, a property management company, over allegations that its AI platform contributed to delays in maintenance and unsafe housing conditions. Home365 was not an AI developer. It was a company that deployed an AI tool purchased from a third-party vendor. The defense, “we bought it from a vendor,” did not hold.
The NIST AI Risk Management Framework (AI RMF) anticipates this kind of issue. Its companion resources and expanded guidance published through 2025 explicitly elevated supply chain vulnerabilities and third-party model assessment from secondary considerations to primary ones. Most TPRM programs haven’t caught up.
Each of the four NIST AI RMF functions, GOVERN, MAP, MEASURE, and MANAGE, has direct application to the AI risk your vendors introduce: the systems they’ve built, the tools they’ve deployed, and the models embedded in the services they’re selling you.
Contenu
- What is the NIST AI Risk Management Framework?
- Why Is Third-Party AI Risk Harder to Govern than Internal AI?
- GOVERN: Build the Policy Foundation for Vendor AI
- MAP: Discover and Inventory Third-Party AI
- MEASURE: Assess Your Vendors' AI Practices
- MANAGE: Respond to Third-Party AI Incidents
- Where the NIST AI RMF Stands in 2026 and What Your Program Must Reflect
- Build Third-Party AI Governance Before Regulators Build It for You
- Questions fréquemment posées
Qu'est-ce que le cadre de gestion des risques liés à l'IA du NIST ?
The NIST AI Risk Management Framework, released in January 2023, is a voluntary framework developed by the U.S. National Institute of Standards and Technology to help organizations manage risks associated with AI systems throughout their lifecycle. It applies across any industry, company size, or geography. Since its initial release, NIST has expanded the framework’s ecosystem considerably, most notably with the Generative AI Profile (NIST AI 600-1), released July 2024, which addresses risks from vendor-supplied AI models and large language systems specifically, and with expanded companion resources through 2025 that have strengthened supply chain and third-party model assessment guidance.
While voluntary, the AI RMF carries significant regulatory weight. The FTC, CFPB, FDA, SEC, and EEOC all reference its principles in enforcement guidance. Federal contractors face growing expectations to demonstrate NIST-aligned AI governance. On February 19, 2026, the Treasury Department released the Financial Services AI Risk Management Framework, built directly on NIST’s structure in partnership with the Cyber Risk Institute, introducing 230 control objectives mapped across the AI lifecycle for financial institutions, including a dedicated third-party risk section. The AI RMF is also widely used as an operational companion to EU AI Act compliance, particularly for organizations managing high-risk AI system obligations phasing in through August 2026.
The framework is divided into two parts. Part 1 covers risks and characteristics of trustworthy AI systems. Part 2 describes four functions: GOVERN, MAP, MEASURE, and MANAGE. Within each function, NIST organizes specific requirements into numbered categories: GOVERN contains six, MAP five, MEASURE four, and MANAGE four. Three of those categories are explicitly scoped to third-party and supply chain risk: GOVERN 6 (policies for third-party software and data), MAP 4 (risk mapping for all AI system components, including third-party), and MANAGE 3 (managing risks and benefits from third-party entities). NIST built third-party accountability into the framework’s core, and those provisions carry the same weight as any other.
Why Is Third-Party AI Risk Harder to Govern than Internal AI?
Vendors introduce risks that are structurally harder to govern than internal AI, because they operate outside your audit perimeter and rarely disclose the information you would need to assess them.
Without the proper governance and safeguards in place, exposure from third-party AI includes security vulnerabilities in the AI application itself; a lack of transparency in how AI risk is measured and reported, which can lead to significant underestimates of impact; and AI security policies that are inconsistent with your organization’s broader risk management procedures, complicating audits and creating potential legal and compliance exposure.
The expanded NIST AI RMF guidance through 2025 made the framework’s position on this explicit: third-party risk is a primary concern, not an afterthought. TPRM programs that haven’t integrated AI-specific governance into their vendor lifecycle are operating with a gap that regulators and auditors are increasingly prepared to identify.
GOVERN: Build the Policy Foundation for Vendor AI
The GOVERN function establishes the organizational culture, policies, and accountability structures that make AI risk management possible. For third-party AI risk, it is where the program either establishes real accountability or produces documentation that won’t survive scrutiny.
GOVERN 6 is the provision that applies specifically to vendor AI: policies and procedures must be in place to address AI risks and benefits arising from third-party software, data, and other supply chain issues. Meeting that requirement means building AI governance into your TPRM program as a formal component, not as a parallel initiative, but integrated with your broader information security and GRC frameworks.
In practice, GOVERN 6 requires your program to define and document:
- Governing policies, standards, systems, and processes to protect data from AI risks introduced by third parties
- les exigences légales et réglementaires, en veillant à ce que les tiers soient évalués en conséquence
- Clear roles and responsibilities through a RACI structure for AI risk accountability
- Risk scoring thresholds based on your organization’s risk appetite for AI-related exposures
- Assessment and monitoring methodologies calibrated to third-party criticality
- Third-party AI inventories and fourth-party mapping to understand exposure to AI usage-based risks in your extended ecosystem
- Contractual requirements, including the right to audit vendors’ AI practices
- KPIs and KRIs for measuring program effectiveness over time
Seek out expertise to help define and implement these processes, particularly for selecting risk assessment questionnaires and TPRM frameworks that address AI risks throughout the full third-party lifecycle, from sourcing and due diligence through termination and offboarding. Organizations working toward ISO 42001 compliance will find significant crosswalk here; the standard’s vendor-specific AI controls align closely with GOVERN 6’s requirements.
Building your TPRM program from scratch?
Download the 10-step guideMAP: Discover and Inventory Third-Party AI
The MAP function establishes context for understanding AI risk: who is using what systems, for what purposes, with what potential for harm. For TPRM programs, this function is where the shadow AI problem becomes concrete.
Employees routinely connect AI writing assistants, coding tools, meeting summarizers, and productivity applications to corporate accounts without security review or procurement approval. Vendors do the same. The April 2026 Vercel breach shows how a single AI productivity tool with excessive OAuth permissions can become an attack vector across an entire identity surface. MAP 4 requires that risks and benefits be mapped for all components of an AI system, including third-party software and data.
Operationalizing MAP in your vendor program starts with profiling and tiering third parties based on their AI-related inherent risk. Criteria used to calculate that inherent risk include: the type of content required to validate controls; criticality to business performance and operations; locations and related legal or regulatory considerations; level of reliance on fourth parties and concentration risk exposure; interaction with protected data; and exposure to operational or client-facing processes.
From this inherent risk assessment, your team can tier suppliers according to AI risk exposure, set appropriate levels of further diligence, and determine the scope of ongoing assessments. Rule-based tiering logic enables vendor categorization using data interaction types and regulatory considerations, making the process repeatable and auditable rather than ad hoc. For organizations building this capability from the ground up, developing an AI application inventory is the right starting point.
MEASURE: Assess Your Vendors’ AI Practices
The MEASURE function covers how organizations analyze, benchmark, and monitor AI risk over time. In a third-party context, it covers two distinct activities: structured assessment of vendors’ AI practices, and continuous external monitoring of threats and vulnerabilities across your vendor ecosystem.
For assessment, look for TPRM solutions with an extensive library of pre-built templates that evaluate vendor AI practices. Third-party vendors should be assessed for AI-specific controls during onboarding and at defined intervals thereafter, typically at contract renewal or on a quarterly or annual basis, depending on material changes in the relationship. Assessments should be managed centrally, backed by workflow, task management, and automated evidence review capabilities, so that your team maintains visibility into third-party AI risks across the full relationship lifecycle. Built-in remediation recommendations based on assessment results ensure that vendors address identified risks promptly and provide auditors with appropriate evidence.
For continuous monitoring, the scope needs to extend well beyond cybersecurity data. Vendor risk events that matter for AI systems include financial instability, regulatory sanctions, leadership changes, operational disruptions, and breach history, all of which affect whether a vendor’s AI systems and governance practices remain trustworthy between formal assessment cycles.
Organizations implementing this function typically find that cyber monitoring infrastructure alone covers less than half of the relevant signal surface. Mitratech Prevalent’s monitoring infrastructure, for example, draws on cyber, financial, reputational, and breach intelligence across more than 550,000 companies, including dark web and criminal forum coverage, sanctions and enforcement list screening, and a breach event database spanning more than a decade, and centralizes all of it alongside assessment data in a unified vendor risk register.
All monitoring data should be correlated with assessment results and centralized in a unified risk register for each vendor, streamlining risk review, reporting, remediation, and response. Continuously measuring third-party KPIs and KRIs against your defined requirements helps your team identify risk trends, determine third-party risk status, and flag exceptions to common behavior that warrant further investigation.
MANAGE: Respond to Third-Party AI Incidents
The MANAGE function covers how organizations allocate risk resources, respond to incidents, recover from them, and communicate throughout. MANAGE 3 explicitly addresses third-party AI risk: risks and benefits from third-party entities must be managed, with documented response and recovery plans that are monitored on a regular basis.
As part of your broader incident management strategy, your third-party incident response program needs to enable your team to identify, respond to, report on, and mitigate the impact of vendor AI security incidents rapidly. Key capabilities include:
- Évaluations de la gestion des événements et des incidents mises à jour en permanence et personnalisables
- Suivi en temps réel de l'état d'avancement du questionnaire
- Defined risk owners with automated reminders to keep surveys on schedule
- Des vues consolidées des évaluations de risque, des comptes, des scores et des réponses marquées pour chaque fournisseur.
- Workflow rules that trigger automated playbooks based on a risk’s potential business impact
- Modèles de rapports intégrés pour les parties prenantes internes et externes
- Data and relationship mapping to identify at-risk information paths across your third, fourth, and nth parties
Armed with these capabilities, your team can triage third-party AI incidents with the context needed to understand scope and impact: what data was involved, whether the third party’s operations were affected, and when remediations are verified complete.
Where the NIST AI RMF Stands in 2026 and What Your Program Must Reflect
The NIST AI RMF that most organizations first encountered in 2023 was designed primarily for organizations governing AI that they had built or directly deployed. The framework has since expanded considerably. The Generative AI Profile (NIST AI 600-1), released July 2024, provides specific guidance for managing risks from vendor-supplied large language models and generative AI systems. Companion resources and implementation guidance through 2025 reinforced supply chain and third-party model assessment as primary concerns. Programs that haven’t been updated to reflect this expansion are being assessed against a version of the framework that no longer represents current expectations.
For TPRM teams, three gaps are worth checking now. First, vendor AI questionnaires built before 2024 may not reflect this expanded guidance; they should be reviewed and updated to cover model provenance, data supply chain integrity, and third-party model vetting specifically. Second, the framework’s alignment with ISO 42001, which includes specific controls for AI systems managed by vendors and suppliers, means organizations working toward that certification are simultaneously building toward NIST AI RMF alignment. Third, the Treasury Department’s Financial Services AI Risk Management Framework, released February 19, 2026 in partnership with the Cyber Risk Institute and built directly on NIST’s structure, includes 230 control objectives mapped across the AI lifecycle, with third-party risk explicitly addressed. Financial services organizations should treat it as the applied version of the principles described here.
Build Third-Party AI Governance Before Regulators Build It for You
The NIST AI RMF gives TPRM programs a structured, function-by-function framework for governing the AI risk that arrives through your vendor relationships. The expanded 2025 guidance made clear this is a current concern, and the Home365 settlement has shown that regulators are prepared to act against organizations that treat vendor-sourced AI failures as someone else’s liability.
A mature program is built function by function: GOVERN establishes the policy and accountability foundation, MAP surfaces what you don’t yet know about your vendors’ AI usage, MEASURE validates it through structured assessment and continuous monitoring, and MANAGE prepares you for when something goes wrong.
Mitratech supports each stage of this lifecycle, from third-party AI inventory and risk-tiered assessments to continuous monitoring and incident response, within a unified TPRM platform. Organizations that have already implemented the framework’s general TPRM capabilities are typically one program update away from AI-specific alignment.
See how close your vendor program is to NIST AI RMF alignment.
Demander une démonstrationQuestions fréquemment posées
How does the NIST AI RMF apply to third-party risk management?
Three of the framework’s four functions contain provisions explicitly scoped to third-party and supply chain AI risk: GOVERN 6 (policies for third-party software and data), MAP 4 (risk mapping for all AI system components, including third-party), and MANAGE 3 (managing risks and benefits from third-party entities).
What is the difference between governing your own AI and governing your vendors’ AI?
Internal AI systems are under your organization’s direct control: you can audit them, restrict their access, and modify their behavior. Vendor AI operates outside that perimeter.
How do I discover which AI tools my third-party vendors are using?
The NIST AI RMF’s MAP function addresses this directly. Practically, it requires building AI inventory processes into vendor onboarding, asking explicitly about AI systems used in service delivery, data processing, and internal operations, and supplementing that with continuous monitoring that flags new AI tool adoption.
Does the NIST AI RMF apply outside the United States?
Yes. While developed by a U.S. federal agency, the AI RMF is sector-agnostic and applies across any geography. It is widely used as an operational companion to EU AI Act compliance, particularly for organizations managing high-risk AI system requirements phasing in through August 2026. NIST has also developed crosswalks between the AI RMF and ISO/IEC 42001, enabling organizations operating under international standards to align their programs without duplicating effort.
Editor’s Note: This post was originally published on Prevalent.net in 2023 and updated in 2025 and June 2026. In October 2024, Mitratech acquired Prevalent, an AI-enabled third-party risk management platform. Content has been updated to reflect expanded NIST AI RMF guidance, current regulatory developments, and Mitratech’s product offerings.
