“Vendors should provide verified accounts, smart rate limits, abuse detection, usage monitoring, contractual bans on distillation, incident disclosure, and audit rights,” Jain said. “Enterprises should ask how the vendor detects and blocks large-scale model extraction and can demand contracts that guarantee backup plans and financial refunds if the AI service gets attacked or suddenly shut down.”
Joshi said enterprise customers should also press vendors for greater transparency around model development and safeguards.
“Enterprise buyers should ask what training data was used, how it was trained, what guardrails exist, how they can audit it, and so on,” Joshi said. “Model publishers will have to come up with watermarking technology in models as well as model responses. So if the model ‘skills’ are stolen, they should be able to find the thief.”
