Most AI vendor procurement failures show warning signs in due diligence that buyers either miss or rationalise away. The patterns are consistent across sectors and vendor types: implausible capability claims that the procurement team accepts because the demo was impressive; vague answers about training data that get characterised as commercial sensitivity; reference customers in different industries that get accepted as "close enough"; pressure to skip due diligence framed as competitive urgency. This guide catalogues the AI vendor red flags that should trigger deeper investigation or a procurement stop. A single red flag in isolation may not be disqualifying; a cluster of red flags almost always justifies a stop.

Commercial red flags

Implausible capability claims: claims that materially exceed what frontier models can do, claims of capabilities without independent evaluation, claims that depend on benchmarks the vendor selected.

Vague training data answers: inability or unwillingness to describe training data sources, any fair use opinions on hand, or the indemnification position.

Reference customers not in your industry: references that look impressive on the website but cannot actually speak to your use case.

Pricing structure designed to make comparison hard: complex tiered pricing, hidden usage charges, "enterprise pricing" that cannot be obtained without commitments, pricing that changes between proposal and contract.

Pressure to skip evaluation: "we cannot offer the same pricing if you take longer than X weeks", "we have other customers waiting" — competitive urgency is sometimes real but is also a classic pressure tactic.

Technical red flags

Inability to explain failure modes: every AI system has failure modes; vendors who cannot describe them either do not know (which is itself a red flag) or are choosing not to disclose.

Evaluation only on vendor-selected benchmarks: standard benchmarks have contamination issues; vendor-selected benchmarks compound this. Insist on evaluation on buyer-specific test sets.

No model card or transparency documentation: legitimate AI vendors publish model cards or equivalent transparency documentation. Absence of this signals either immaturity or unwillingness to commit.

Inability to describe what the AI cannot do: AI capabilities have clear boundaries; vendors who cannot articulate these boundaries either do not understand their own product or are concealing limitations.

Demo-quality results that do not survive realistic data: results that look great on demo data but fail on realistic buyer data are a common pattern.

No discussion of accuracy, bias, or fairness testing: legitimate AI vendors have done this work and will discuss it.

Governance red flags

No AI policy: AI vendors should have an AI policy at minimum, ideally a usage policy customers can reference.

No AI inventory: AI vendors should be able to articulate their own AI use beyond the product they are selling.

No documented bias testing: AI making any consequential decisions should have documented bias testing.

No incident response procedures: AI vendors will have incidents; absence of procedures signals immaturity.

No ISO 42001 path articulated for material vendors: for material B2B AI vendors selling into regulated industries, ISO 42001 is becoming a baseline expectation. Vendors who have not articulated a path are signalling they are not serious about the operational dimension.

Unable to provide governance documentation: trust centre access, security and privacy documentation, attestation reports — these should be readily available.

Contract and commercial red flags

Refusal to commit to training data exclusion: this is a standard contractual commitment for enterprise AI; refusal is a clear stop signal.

Limited liability caps disproportionate to deal size: liability caps that are unreasonably low for the deal size.

No IP indemnification: for AI-generated content vendors, IP indemnification is increasingly standard. Refusal signals either IP position concerns or unwillingness to stand behind the product.

No audit rights even through attestations: legitimate vendors provide audit access either directly or through third-party attestations.

Aggressive change of control provisions: provisions that lock customers in despite vendor failure or acquisition by an undesirable acquirer.

Refusal to engage on exit and portability: vendors that make exit and portability difficult are creating future lock-in costs.

Behavioural red flags

Pressure to skip due diligence: competitive urgency framed as a reason to skip standard procurement processes.

Reluctance to provide documentation: standard documentation requests met with "commercial sensitivity" or "we don't usually provide that".

Defensive responses to standard questions: governance questions that produce defensive or evasive responses.

References that all came from sales-facilitated introductions: references should include both vendor-provided and buyer-sourced contacts.

Founder or executive turnover: founder departures, executive turnover, or board changes can signal underlying issues.

Reluctance to introduce technical staff: vendors who keep technical conversations to sales rather than introducing engineering teams may be hiding capability gaps.

Persistent escalation to executive sponsor: vendors who repeatedly escalate to executive sponsors to bypass procurement scrutiny.

Red flags specific to startup vendors

For early-stage AI vendors, additional red flags apply.

Concentration risk: heavy dependence on a small number of customers, technologies, or partnerships.

Investor quality concerns: investors not known for due diligence rigor, or investors who appear to be exiting their position.

Runway questions: insufficient runway to support a multi-year customer commitment.

Capability claims that exceed team size: companies claiming capabilities that seem implausible given visible team size.

Pivot history: companies that have pivoted multiple times may be searching for product-market fit; this is not necessarily disqualifying but warrants attention.

Founder-CEO transitions: under some circumstances these signal maturity; under others they signal underlying problems.

Using red flags in procurement

The framework:

(1) Establish red flag awareness across the procurement team.

(2) Document red flags observed during evaluation.

(3) Cluster red flags and assess severity — single flags warrant attention; multiple flags warrant deeper investigation or procurement stop.

(4) Escalate clustered red flags to senior decision-makers.

(5) Document the disposition of red flags — accepted with mitigation, escalated, procurement stop.

(6) Maintain post-procurement monitoring for vendors with accepted red flags.

The goal is not to disqualify vendors at the first sign of imperfection — every vendor has flaws — but to ensure systematic identification and management of risk signals that would otherwise be missed.
