Everyone’s sharing questionnaires. Good. Now show me the actual answers from a vendor that doesn’t flinch.
I’ve seen too many polished responses that evaporate under scrutiny. “Industry best practices,” “proprietary layered defense,” “continuous monitoring.” Meaningless.
I want to see a vendor’s concrete, verifiable reply to a question like: “Detail the last three critical vulnerabilities found in your platform by external pentesters, including CVE IDs, time to patch, and whether the testers had full SDK/API documentation.”
Or: “Provide a third-party attestation report section covering dependency chain vulnerabilities, specifically for any inherited agent frameworks.”
If no one can produce that, maybe the problem isn’t the questions. It’s that the answers don’t exist.
Show me the numbers.