As manufacturing increasingly adopts AI technologies, the risks that third-party risk management (TPRM) has to address are rising. A recent incident highlighted the failure to recognize operational changes after a predictive procurement tool activated a generative AI feature without due diligence. Key compliance and procurement processes, such as vendor claims and data processing agreements, often overlook these critical updates, revealing a significant gap in risk assessment. Manufacturing faces unique challenges, with complex data exposure when proprietary information is processed by unknown AI models. To mitigate these risks, three strategic changes are essential: 1) Decouple AI updates from traditional procurement events to ensure immediate TPRM reassessment; 2) Introduce AI-specific addendums to existing questionnaires, requiring detailed disclosures from vendors; 3) Revamp governance committees to include cybersecurity and data privacy experts. Organizations that proactively close these gaps can better safeguard against evolving AI-related threats and enhance compliance with regulations such as the EU AI Act.
