Subscribe to the Non-Human & AI Identity Journal
Home FAQ Cyber Security What breaks when organisations rely on annual vendor…
Cyber Security

What breaks when organisations rely on annual vendor assessments for AI in OT?

← Back to all FAQ
By NHI Mgmt Group Editorial Team Updated July 12, 2026 Domain: Cyber Security

Annual assessments become stale as soon as the vendor changes code, infrastructure, or exposure. In OT, that lag can leave insecure dependencies, weak patching, or new attack paths undiscovered until after they affect production. Continuous evidence is needed because the risk surface changes faster than a yearly review cycle.

Why This Matters for Security Teams

Annual vendor assessments create a false sense of assurance when AI is deployed into operational technology environments. The review may document the vendor’s posture at a point in time, but it does not track model updates, changed dependencies, new remote access paths, or shifts in telemetry quality. That matters because AI in OT often influences safety, uptime, and recovery decisions, not just routine IT workflows. Current guidance from the NIST Cybersecurity Framework 2.0 points security teams toward ongoing governance and continuous risk management, which is a better fit for this environment than a once-a-year checkbox exercise.

Practitioners also underestimate how quickly vendor assurance can diverge from operational reality. A vendor may pass a questionnaire while silently changing cloud regions, retraining a model, adding sub-processors, or enabling new integrations that expand the attack surface. In OT, that drift is more than a compliance issue because a weak control can become a process interruption or unsafe command path. In practice, many security teams encounter vendor risk only after a plant-facing dependency changes in production, rather than through intentional monitoring.

How It Works in Practice

Annual assessments usually focus on questionnaires, policy attestations, and sampled evidence. That can help establish baseline due diligence, but it does not answer the questions that matter most for AI-enabled OT: what changed, when it changed, who approved it, and whether those changes affect safety or availability. For that reason, strong programmes shift from static review to continuous evidence collection, with explicit ownership across procurement, engineering, operations, and security.

A practical model usually includes:

  • Versioned evidence for the AI service, model, and supporting components so changes are traceable.
  • Dependency and integration monitoring so new APIs, libraries, data feeds, and remote support routes are visible.
  • Security control validation tied to operational risk, not just policy statements.
  • Defined triggers for reassessment after patches, configuration changes, incidents, or subcontractor changes.
  • Change management that connects vendor updates to OT testing, rollback planning, and safety review.

This approach aligns better with the intent of the NIST Cybersecurity Framework 2.0, which expects risk governance to be operational rather than episodic. For AI-specific assurance, teams often pair this with model and data lineage checks, plus human review of outputs that can influence control actions. The NIST AI Risk Management Framework is also useful where model behaviour, provenance, and monitoring need to be governed as part of the vendor relationship. These controls tend to break down when the vendor-hosted AI is tightly coupled to plant operations because production constraints discourage frequent testing and evidence collection.

Common Variations and Edge Cases

Tighter vendor oversight often increases operational overhead, requiring organisations to balance assurance against release speed and production constraints. That tradeoff is especially sharp in OT, where maintenance windows are narrow and vendors may resist intrusive validation. Best practice is evolving on how much continuous evidence is sufficient for AI in industrial settings, so there is no universal standard for this yet.

Some environments can still use annual assessments as a baseline, but only when they are supplemented by event-driven review and ongoing control verification. High-risk cases include AI systems that generate maintenance recommendations, interact with safety-related workflows, or depend on third-party cloud services outside direct OT control. In those cases, change notifications, SBOM-like dependency visibility, and monitored access to vendor support channels become more important than the questionnaire itself.

The other common edge case is where the vendor is assessed, but the integrator, platform provider, or managed service layer is not. That gap can hide the actual trust boundary. Security teams should treat AI supply chain assurance as a chain of dependencies, not a single approval event, and use the NIST Cybersecurity Framework 2.0 to anchor continuous monitoring, incident coordination, and recovery expectations across all parties.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST AI RMF and NIST IR 8596 set the technical controls, while EU Cyber Resilience Act and DORA define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0GV.RR-01Ongoing risk ownership is central when vendor AI changes faster than yearly reviews.
NIST AI RMFGOVERNAI governance needs continuous accountability, not one-time vendor attestation.
NIST IR 8596GV-3Cyber-AI risk guidance supports monitoring model behaviour and operational dependencies.
EU Cyber Resilience ActConnected products need lifecycle security evidence, not just annual assurance.
DORAOperational resilience rules reinforce continuous third-party oversight and incident readiness.

Assign clear risk owners and review triggers so vendor AI changes are assessed as they happen.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 12, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org