The Five Questions Your SaaS Vendors Hope You Never Ask
Alex Karp aimed them at the frontier labs. The worse answers sit further down your stack.
On July 1, Palantir CEO Alex Karp went on CNBC and laid out five questions every enterprise should be able to ask its AI vendors: Who owns the data? Where is it cached? Are the prompts secure? Who controls the weights? Is the value of your business being transferred to a third party?
He aimed the questions at the frontier labs. Most regulated enterprises, however, have far more exposure through their SaaS stack than through the model providers themselves. That is where the answers are often worse, and where almost nobody is asking.
Those five questions are the clearest vendor due-diligence framework published this year. They were delivered as a rant on a morning show, but they deserve to be treated as a standard.
The morning after the interview, Microsoft made Karp’s point for him. It announced Frontier Company, a $2.5 billion unit with six thousand engineers embedded inside customers, under the banner of AI engineering that amplifies and protects your intelligence. The protection language is welcome. The mechanism is less reassuring. Your knowledge, workflows, and judgment are unified inside the vendor’s platform, feeding the vendor’s agents, compounding on the vendor’s tenancy. The five questions apply to it verbatim.
By the holiday weekend the same argument had moved to All-In, where it ran for half an episode. David Sacks, the former White House AI czar, reframed the exchange as a definition of AI safety for the enterprise. Real safety is control of your own data, your model weights, and your compute, plus the ability to choose, at the model layer, who gets to see and use your alpha. Chamath Palihapitiya put the economics in one line. You cannot rent intelligence from the same place that rents it to your competitor. David Friedberg described model providers courting data-rich life-sciences companies with a trade. Proprietary datasets contributed to a shared vertical model in exchange for early access. The consensus forming at the top of the market is sovereignty through owned weights and owned hardware. Fine, for the few who can afford it. Most regulated enterprises will still wake up tomorrow running dozens of vendor platforms. The durable control is not the hosting model. It is the questions.
The same mechanics, running quieter
Look at what is actually happening across the SaaS layer. The pattern is the point, not any single company.
Training by default is becoming the norm. Multiple major platforms have moved in the past year from “we do not train on your data” to “we train on your data unless you find the setting and turn it off.” Some tiers cannot turn it off at all. Some categories of telemetry are mandatory. Retention windows for contributed data stretch to multiple years. A position your vendor risk team documented and approved eighteen months ago may simply no longer be true.
Sovereignty is being packaged as a pricing tier. Want your data excluded from training? Want customer-managed keys? Want a single-tenant deployment or residency guarantees that cover AI processing? That will be the top tier, or a premium deployment, priced and repriced at the vendor’s discretion. Control that must be purchased, and can be repriced, is not control. It is rented.
Context graphs are the new lock-in, and they compound daily. The most sophisticated SaaS vendors have understood something true: in the AI era, the moat is not the model, it is the context. They are building living graphs that connect your work, your people, your decisions, and your institutional memory. Every agent interaction writes structure back into the graph. Usage makes the graph richer. A richer graph makes the product smarter. A smarter product drives more usage. As a product mechanic, this is brilliant. As a sovereignty posture, it is a one-way door.
Agents are mutating your systems of record at industrial scale. Across the industry, AI agents connected to enterprise platforms are no longer just reading. Large fractions of agent activity are now writes. These agents typically inherit the full permissions of the human who invoked them. Every over-permissioned user account in your organization just became an over-permissioned autonomous actor. Audit logs let you see it afterward. They do not stop it.
The question behind the questions
None of this means the SaaS AI wave is a scam. Most of these capabilities are useful. Some are transformative. The trade on offer is one a rational enterprise can knowingly accept for plenty of workloads.
The operative word is knowingly.
The failure mode is not using AI-enabled vendors. The failure mode is using them without a written answer to the five questions, per vendor, per tier, revisited every time the terms change. Because the terms are changing. Under OSFI E-23, under DORA, under GDPR, a material change in how a third party handles your data is not a settings task. It is a reassessment trigger with documentation obligations attached.
This series has a name for assurance that holds continuously instead of once, at procurement: Continuous Agentic Assurance. It applies to your vendors’ AI as much as to your own agents.
So borrow Karp’s framework, and aim it wider than he did:
Data ownership. Who owns the data, including the metadata, the telemetry, and anything “de-identified” that still describes how your business runs?
Residency and caching. Where is it cached, and does your residency guarantee cover AI processing or only storage at rest?
Prompt and output security. Are the prompts and outputs secure, logged, and excluded from training, on your tier, in writing?
Model control. Who controls the models, and what happens to content already contributed when you opt out?
Alpha transfer. Is your alpha transferring, through training, through telemetry, or through a context graph you cannot take with you?
If a vendor’s answer to any of these is a support-page paragraph rather than a contractual term, you do not have an answer. You have a mood.
A disclosure, in the same spirit
Karp made no secret of his motives. He was at that desk to promote a partnership that sells the alternative, and when an anchor suggested the whole thing sounded like shade, he answered that it was reporting. The same disclosure applies here. iTmethods builds governance infrastructure for enterprises that want AI adoption with control intact. A piece arguing that vendor AI needs governance is exactly as self-interested as it sounds. Do what Karp told his own viewers to do. Do not take anyone’s word for it, mine included. Test the claims. Ask your own vendors the five questions and grade the answers yourself. The ones with good answers will put them in writing quickly. The silence of the others is also an answer.
Karp said something has gone completely wrong with how AI is being sold. He is right, and the problem runs deeper into the enterprise stack than his interview reached. The correction starts with buyers who ask better questions.
Run the five questions against any vendor in your stack in about eight minutes with the Vendor AI Governance Assessment at itmethods.com/reign/vendor-assessment, or read how Reign approaches governed AI adoption at itmethods.com/reign.
Paul Goldman is the CEO of iTmethods, where his team builds the control and assurance layer for agentic AI: the governance, evidence, and portability that let regulated institutions run any model, swap it under pressure, and prove control. He writes The Trust Layer.
Related reading: The Software Factory Is Going Dark. The Audit Trail Cannot. (July 1) · The New Standard for AI Trust Is Here. The Runtime Layer Is Not. (June 18) · Canada’s Sovereign AI Stack Has One Layer Left to Build (June 17)
Sources: CNBC, Squawk Box interview with Alex Karp, July 1, 2026 · Mediaite, verbatim transcript of the exchange, July 1, 2026 · Microsoft, “Microsoft Frontier Company: AI engineering that amplifies and protects your intelligence,” official blog, July 2, 2026 · All-In podcast, episode 279, July 2026 · OSFI Guideline E-23 Model Risk Management (effective May 1, 2027) · DORA, in force January 17, 2025 · GDPR

