Coming soon · design preview
This page mocks up an unreleased capability with realistic data. It is not yet wired to live providers.
Coming soon · AI vendor risk hub
One page per vendor. Audit evidence in two minutes.
A maintained per-vendor posture — SOC 2, ISO 27001, GDPR, EU AI Act, data residency, prompt retention, training-on-data, sub-processors. Updated quarterly by GreyScape.ai. Drilldown view shows everything a customer auditor will ask for.
- Approved vendors: 9
- In review: 3
- Blocked: 1
Vendor posture overview
13 vendors tracked · updated quarterly

| Vendor | Category | SOC 2 | ISO 27001 | GDPR | EU AI Act | Residency | Prompt retention | Trains on data | Status |
|---|---|---|---|---|---|---|---|---|---|
| OpenAI | LLM | | | | | US, EU available | 30 days (API) | | approved |
| Anthropic | LLM | | | | | US, EU available | 30 days (API) | | approved |
| Azure OpenAI | LLM | | | | | Your Azure region | Per Azure policy | | approved |
| Google Vertex AI | LLM | | | | | Your GCP region | Per GCP policy | | approved |
| AWS Bedrock | LLM | | | | | Your AWS region | Not retained | | approved |
| Mistral La Plateforme | LLM | | | | | EU | 30 days | | approved |
| Cohere | LLM | | | | | US, EU | Not retained | | approved |
| Perplexity (paid) | LLM | | | | | US | 30 days | | review |
| Hugging Face Inference Endpoints | LLM | | | | | User-selected | Not retained | | approved |
| GitHub Copilot | Coding | | | | | US | Per GitHub policy | | approved |
| Cursor IDE | Coding | | | | | US | Configurable | | review |
| Midjourney | Image | | | | | US | Indefinite | | blocked |
| ElevenLabs | Audio | | | | | US | Per plan | | review |

Vendor drilldown — Anthropic
Sample of the per-vendor evidence page produced for compliance teams.
Compliance posture
- SOC 2 Type II: Yes · valid through Mar 2026
- ISO 27001: Yes · 2024 cert
- HIPAA: BAA available on Enterprise
- EU AI Act: Partial — provider obligations met
Data handling
- Residency: US default · EU available on request
- Prompt retention: 30 days (API tier, abuse review)
- Trains on prompts: No (Console + API)
- Sub-processors: AWS, GCP — full list on Anthropic trust page
Operational
- Status page: status.anthropic.com
- Security contact: [email protected]
- DPA: Standard DPA available on Enterprise
- Last reviewed by GreyScape.ai: May 03 (quarterly cadence)
Auditor-ready evidence pack: click Export evidence on the live page to generate a PDF with SOC 2 letter excerpt, DPA reference, residency screenshots, and the most recent quarterly review note — typical content for a customer-due-diligence questionnaire.
3 vendors in review queue
- Perplexity (paid) — ISO 27001 cert missing, training-on-data policy ambiguous. Decision needed: keep approved, restrict to specific teams, or block.
- Cursor IDE — ISO 27001 missing, prompt retention is configurable per user. Recommend pushing config to enterprise plan defaults.
- ElevenLabs — partial training-on-data; revisit if voice cloning use case grows beyond marketing team.
How you'd use this
- GreyScape.ai ships with ~50 vendors pre-populated; quarterly review cadence is automatic.
- Vendor approval status drives the approved-models policy on /settings/policies.
- Customer auditor asks for evidence? Export evidence pack from any vendor drilldown.
Sample output
13 vendors tracked with full SOC 2 / ISO / GDPR / EU AI Act posture. 9 approved, 3 in review, 1 blocked. One-click PDF evidence per vendor.
What this unlocks
Pass a customer audit without an emergency. Stop maintaining a GRC spreadsheet that's always six months out of date. Tie vendor risk to your approved-models policy so “banned vendor” becomes “auto-blocked at the advisor and gateway”.