KoraSafe

AI vendor governance directory

Helping enterprises assess AI vendor risk through a governance and compliance lens. Evaluate data privacy, bias controls, transparency, and regulatory readiness across major AI providers.

Strong
Moderate
Concerns

OpenAI

GPT-4o, ChatGPT, DALL-E, Codex
LLM, Image, Code
Data Privacy: Moderate
Bias Controls: Moderate
Transparency: Moderate
Regulatory Compliance: Moderate
Security: Strong
Content Safety: Strong
Publishes system cards and safety evaluations for major releases. Offers enterprise data handling agreements and SOC 2 compliance. Model weights are closed-source, which limits independent auditing of internal behaviors.

Anthropic

Claude 3.5 Sonnet, Claude 3 Opus, Claude 3 Haiku
LLM, Code
Data Privacy: Strong
Bias Controls: Strong
Transparency: Strong
Regulatory Compliance: Strong
Security: Strong
Content Safety: Strong
Founded on AI safety research principles, with a Constitutional AI approach. Publishes detailed responsible scaling policies and model cards. Offers strong enterprise data retention controls and does not train on customer data by default.

Google

Gemini Ultra, Gemini Pro, Imagen, Vertex AI
LLM, Image, Code
Data Privacy: Moderate
Bias Controls: Strong
Transparency: Moderate
Regulatory Compliance: Strong
Security: Strong
Content Safety: Strong
Extensive AI Principles framework published since 2018. Vertex AI enterprise platform provides strong data isolation and compliance certifications. Consumer-facing products involve broader data collection, which may concern some enterprise use cases.

Meta

Llama 3.1, Llama 3, Code Llama
LLM, Code, Open Source
Data Privacy: Strong
Bias Controls: Moderate
Transparency: Strong
Regulatory Compliance: Moderate
Security: Moderate
Content Safety: Moderate
Open-weight model release enables full transparency and self-hosting for data privacy. However, open distribution means deployers are responsible for safety guardrails. Meta publishes model cards and acceptable use policies, but enforcement depends on the deployment context.

Mistral AI

Mistral Large, Mixtral, Mistral 7B
LLM, Code, Open Source
Data Privacy: Strong
Bias Controls: Moderate
Transparency: Strong
Regulatory Compliance: Strong
Security: Moderate
Content Safety: Moderate
EU-based company with strong alignment to European regulatory frameworks, including the EU AI Act. Offers both open-weight and commercial models. Publishes usage policies and offers enterprise deployment options with data processing agreements compliant with GDPR.

Cohere

Command R+, Command R, Embed, Rerank
LLM, Embeddings
Data Privacy: Strong
Bias Controls: Moderate
Transparency: Moderate
Regulatory Compliance: Strong
Security: Strong
Content Safety: Moderate
Enterprise-focused provider offering private cloud and on-premises deployment options. Strong data privacy controls with SOC 2 Type II compliance. Supports RAG-native workflows, which help reduce hallucination risk through grounded generation.

Stability AI

Stable Diffusion XL, Stable Video, Stable Audio
Image, Open Source
Data Privacy: Strong
Bias Controls: Concerns
Transparency: Strong
Regulatory Compliance: Concerns
Security: Moderate
Content Safety: Concerns
Open-weight image generation models enable full self-hosting and data control. However, open distribution creates challenges for content safety enforcement. Training data sourcing has faced legal scrutiny around copyright, and deployers bear responsibility for implementing safety filters.

Amazon

Bedrock, Titan Text, Titan Embeddings
LLM, Embeddings
Data Privacy: Strong
Bias Controls: Moderate
Transparency: Moderate
Regulatory Compliance: Strong
Security: Strong
Content Safety: Moderate
Bedrock provides access to multiple foundation models within the AWS security and compliance ecosystem. Strong data isolation through VPC integration, encryption, and IAM controls. Full compliance certifications (SOC, HIPAA, FedRAMP) inherited from AWS infrastructure.

Assessment methodology

Our vendor governance profiles are designed to help enterprises evaluate AI providers through a structured risk lens. Each assessment considers the following criteria:

Profiles are updated periodically as vendors evolve their practices, publish new documentation, or achieve new compliance milestones. Ratings reflect a point-in-time assessment and should be supplemented with direct vendor engagement.

Assess your AI vendor risk with KoraSafe

Go beyond surface-level assessments. KoraSafe's platform provides continuous AI vendor risk monitoring, automated compliance checks, and governance workflows tailored to your regulatory requirements.


Profiles based on publicly available information as of early 2025. Vendor practices, policies, and capabilities change frequently. Contact vendors directly for the latest details on their governance and compliance posture. KoraSafe does not endorse or disparage any vendor listed in this directory.