Your enterprise client just sent over their vendor security questionnaire. And this time, there’s a new section at the end: AI tools and data handling.
This has become routine. Insurance underwriters, procurement teams at regulated companies, and enterprise IT security leads are all adding AI sections to the questionnaires they send to vendors. The questions vary in specificity but cluster around five themes: what tools you use, what data enters those tools, how you prevent exposure, what records you keep, and whether you have a policy that is actually enforced.
Most companies that use AI tools cannot answer these questions cleanly. They know their teams use ChatGPT, Copilot, and Claude — but they do not have a formal tool inventory, a data handling policy, or an audit log. When a security questionnaire arrives, they either guess or they stall.
This guide gives you the five categories of AI questions your clients will ask, what a defensible answer looks like, and what documentation you need to back it up.
Why AI questions are showing up on questionnaires
Two things happened simultaneously: AI adoption exploded, and enterprise risk frameworks caught up with it.
On the adoption side, most teams at most companies are now using AI tools daily — often without any formal approval process. On the risk side, a series of high-profile incidents involving AI and confidential data (Samsung engineers pasting source code into ChatGPT, law firms submitting AI-generated citations, financial firms violating data residency rules through AI providers) created awareness at the board and procurement level.
Enterprise buyers now understand that their vendors are using AI. They want to know whether those vendors are doing it carefully. The security questionnaire is how they find out.
The underlying concern is always the same: does your AI use create a pathway for my data to reach a third party I did not authorize? Everything else in the questionnaire is a proxy for that question.
The five categories of AI questions
1. Tool inventory: “What AI tools do your employees use?”
What they’re asking: Do you know what AI tools are running inside your organization? Do you have an approved list, or is it unsupervised?
The weak answer: “We use ChatGPT and Microsoft Copilot for some tasks.”
The defensible answer: “We maintain an approved AI tools list updated quarterly. Approved tools include [list]. Employees are not permitted to use AI tools outside the approved list for work purposes. Usage is monitored at the network and endpoint layer.”
Documentation required:
- A written approved AI tools list with review dates
- Evidence that unapproved tools are blocked or monitored (access control policy, network logs, or endpoint management records)
If you can’t produce a list, you don’t have an answer. The question is a screen for whether AI governance exists at all.
2. Data classification: “What categories of data can employees submit to AI tools?”
What they’re asking: Does sensitive data — and specifically, their data — enter your AI tools? Can you prove it doesn’t?
The weak answer: “We remind employees not to put sensitive information into AI tools.”
The defensible answer: “Our AI usage policy defines which data classifications may be submitted to approved AI tools. Personal data, client data, and confidential business information are prohibited from entry into any externally-hosted AI model without explicit controls in place. These controls are enforced technically, not only through policy.”
Documentation required:
- A data classification policy that maps data types to permitted AI tool use
- Evidence of technical enforcement (prompt inspection, content filtering, or data loss prevention configured for AI traffic)
This is the question most companies fail. “We have a policy” is not an answer unless you can show how the policy is enforced technically. A reminder in the employee handbook is not technical enforcement.
3. Prevention controls: “How do you prevent sensitive data from leaving your environment via AI tools?”
What they’re asking: Do you have controls in place, or are you relying on employee judgment?
The weak answer: “We have a data handling policy and employee training.”
The defensible answer: “We use an AI gateway that inspects prompts before they reach external model providers. The gateway enforces data classification rules in real time — prompts containing defined sensitive patterns are redacted or blocked before transmission. This operates at the infrastructure layer and does not depend on employee discretion.”
Documentation required:
- A description of the technical control (gateway, proxy, or content inspection layer)
- Evidence that it is deployed and active (configuration screenshots, vendor documentation, or a brief architecture description)
- Scope: which tools, which surfaces (browser, desktop, API calls), which employees
This question distinguishes companies with real controls from companies with policies on paper. An AI gateway or prompt inspection layer is the evidence they’re looking for.
4. Audit trail: “What records do you maintain of AI activity, and for how long?”
What they’re asking: If there’s an incident, can you reconstruct what happened? Can you produce records for an audit?
The weak answer: “We rely on the logs provided by the AI provider.”
The defensible answer: “We maintain an independent audit log of AI activity that includes: the identity of the user initiating each request, the AI tool or model used, a timestamp, the policy decision applied (allowed, blocked, or redacted), and for high-risk actions, the human approval record. Logs are retained for [duration] and are tamper-evident.”
Documentation required:
- A sample audit log (redacted) demonstrating the fields captured
- Log retention policy stating duration and storage location
- Evidence that logs are independent of the AI provider (you hold them, not just the provider)
Provider-side logs are not sufficient. If OpenAI deletes your account tomorrow, do you still have records? The questionnaire is asking whether you have the records.
5. Policy and enforcement: “Do you have an AI usage policy? How is it enforced?”
What they’re asking: Is there a documented policy, and does it have teeth — or is it a document nobody reads?
The weak answer: “Yes, we have an acceptable use policy that covers AI tools.”
The defensible answer: “We have a written AI usage policy that defines: approved tools, prohibited data categories, required approval workflows for high-risk AI actions, and the enforcement mechanism. The policy is enforced technically through our AI gateway and is reviewed [annually/quarterly]. Employees acknowledge the policy as part of onboarding and annual review.”
Documentation required:
- The AI usage policy document (or a summary you can share)
- Evidence of technical enforcement (same as the prevention question above)
- Review date and policy version number
A policy without enforcement evidence is worth little in a security questionnaire. The combination of a written policy and a technical control that enforces it is what passes scrutiny.
What this tells your client
When a client sends an AI section on a security questionnaire, they are running a quick screen. They want to know whether you are a vendor who has thought about this, or a vendor who hasn’t.
The threshold is not perfection. Enterprise buyers with mature security programs know that SMBs and scale-ups don’t have the same controls as a Fortune 500. What they are looking for is evidence of intentionality: that you know what AI tools you use, that you have a policy for how they are used with client data, and that you have some technical mechanism to back the policy up.
A company that can answer all five categories — even if the answers are “we use three approved tools, restrict client data categories, run prompt inspection at the browser layer, keep 12 months of logs, and have a policy reviewed annually” — passes the screen. A company that says “we use AI responsibly and train our employees” does not.
Building the documentation before the next questionnaire arrives
The fastest way to prepare is to treat the five categories as a checklist:
- Inventory: Can you produce an approved AI tools list today? If not, build one.
- Classification: Does your data policy explicitly address AI tools? If not, add an AI section.
- Controls: Do you have a technical control that enforces that policy? If not, this is the gap.
- Audit trail: Are you capturing an independent log of AI activity? If not, you cannot answer audit questions.
- Policy: Is your AI usage policy written, dated, and acknowledged by employees? If not, write it.
The technical control is the hardest gap to close, because email reminders and policy documents cannot substitute for it. An AI gateway that inspects prompts, enforces data classification rules, and produces a tamper-evident audit log is what makes the other four answers credible.
For most teams, this is a one-day deployment: a gateway layer that sits in front of your AI tools, enforces the rules defined in your policy, and keeps the logs. The next time a security questionnaire arrives, you hand over the documentation rather than guessing.
Qadar AI Shield is the AI gateway for lean teams: browser, desktop, mobile, and agent workflows governed from a single control plane, with a built-in audit trail that answers vendor security questionnaire requirements out of the box. See how it works.