← All notes
LeadershipAI

How to Test AI Vendor Claims Before You Buy

A practical note on evaluating AI vendor claims with evidence, workflow testing, governance, and technical judgment before money changes hands.

The hardest technology decisions are not always the ones with the most complicated architecture. Sometimes the hard part is simply saying, “Show me how this works in our reality.”

That question matters more in the AI market than it did for many earlier waves of enterprise software. A good AI demo can feel almost unfairly persuasive. The system reads a messy document, answers in fluent English, calls a tool, writes a useful draft, creates a report, or summarizes a meeting before anyone has finished opening their laptop. It looks like the future arrived early.

But a demo is a controlled environment. Real organizations are not controlled environments.

The documents are old. The data definitions disagree. The customer issue is ambiguous. The prompt that worked yesterday behaves differently after a model update. The agent calls the wrong tool. The system returns an answer that sounds confident but cannot be traced to the source. Usage grows faster than the budget. Legal asks about data retention. Security asks who can see which files. The business team asks why the pilot did not change the metric that mattered.

This does not mean AI tools are fake or useless. Many are genuinely useful, and some are becoming important parts of modern software, analytics, customer support, knowledge work, and engineering. The mistake is treating impressive capability as proof of business fit.

The better habit is evaluation before belief.

A clear explanation is part of the product

Complex technology does not need to be simplistic, but it should be explainable at the right level.

If a vendor cannot explain what the product does, which assumptions it depends on, what data it needs, where it fails, and how success is measured, the problem is not that the buyer lacks imagination. The problem is that the buying decision has become too detached from evidence.

This is especially important when AI is presented as a shortcut around difficult work. You may hear that an assistant will eliminate manual review, an agent will automate operations, a model will unlock every internal document, or a platform will make the whole company “AI-native.” Sometimes there is value behind those claims. Sometimes the claim is doing more work than the product.

A useful explanation should pass a few simple tests:

  • What specific workflow changes after adoption?
  • Which users will use it, and how often?
  • Which data sources are required?
  • Which decisions remain with humans?
  • What error types are expected?
  • What happens when the model is uncertain, unavailable, slow, or wrong?
  • What metric will improve enough to justify the project?

These questions are not anti-innovation. They are how innovation survives contact with budgets, customers, employees, and production systems.

I think this is one of the most important lessons for technical leaders today. You do not protect a company by rejecting every new tool. You protect it by making the tool prove itself in a context that resembles the work you actually do.

The AI market has moved from curiosity to operating pressure

AI adoption is no longer a side conversation. McKinsey’s 2025 State of AI survey reported that 88 percent of respondents said their organizations were using AI in at least one business function. The same survey found that many organizations were still in experimentation or pilot stages, with only about one-third reporting enterprise-scale AI programs.

That combination explains the current pressure. Leaders see that AI is real, competitors are experimenting, employees are already using tools, and boards want progress. At the same time, many organizations have not yet built the habits needed to scale AI safely and profitably.

This is the perfect environment for weak buying decisions. The buyer feels urgency. The vendor has a polished story. The executive meeting is full of people who understand the business pain but may not know how to test the technical premise. The technical people may see the gaps, but if trust between business and technology teams is weak, their concerns can sound like resistance instead of judgment.

That is where organizations get into trouble. They buy the feeling of inevitability instead of the evidence of fit.

The modern version of technology due diligence has to include both business and engineering reality. It is not enough for the business team to say, “This problem is painful.” It is not enough for the technical team to say, “The architecture seems plausible.” The two sides need a shared way to answer a better question: under what conditions would this product create measurable value for us?

If the answer is unclear, the first purchase should not be a broad rollout. It should be a narrow test.

Start with the workflow, not the model

Many AI evaluations begin in the wrong place. The team asks which model is best, which agent framework is modern, which vector database is popular, or whether the vendor supports the newest capability. These questions can matter, but they are not the first questions.

The first question is: which work changes?

For a support team, the workflow might be triage, policy lookup, draft response, escalation, or quality review. For a finance team, it might be invoice matching, variance explanation, contract review, or monthly close documentation. For a data team, it might be metric discovery, SQL generation, dashboard explanation, anomaly investigation, or data quality checks. For engineering, it might be code review support, migration planning, test generation, incident summarization, or documentation search.

Each workflow has different risk. An AI assistant that drafts an internal summary is not the same as an agent that updates customer records. A chatbot that searches public documentation is not the same as a system that reads employee files. A tool that suggests SQL is not the same as a tool that runs write queries against production databases.

The evaluation should match the risk of the workflow.

A low-risk use case may need a simple pilot with user feedback and basic quality checks. A high-risk use case may need access control review, test datasets, audit logs, human approval, incident response planning, privacy review, and clear rollback criteria. If the vendor treats every use case as equally easy, that is a warning sign.

This is also why practical AI skill matters inside companies. In How to build practical AI skills for today’s tech job market, I wrote that using AI vocabulary is not the same as building reliable AI systems. The same is true for buying them. You need people who can translate business goals into technical tests.

Ask for proof that matches your data

The most persuasive demo is usually built from favorable examples. That is normal; vendors are trying to show their product well. But your evaluation should move quickly from their examples to your examples.

If the product is a retrieval assistant, test it on your documents. Include old policies, conflicting versions, missing information, ambiguous questions, and documents with permissions that should not leak. If the product summarizes calls, test real transcripts with interruptions, unclear speaker turns, domain-specific terms, and sensitive details. If it extracts fields from contracts, include edge cases, unusual clauses, scans with formatting problems, and examples where the correct answer is “not present.”

The goal is not to embarrass the vendor. The goal is to learn how the system behaves when reality is less polite than the sales deck.

Good evaluation separates several questions that are often mixed together:

  • Did the system retrieve or access the right information?
  • Did it interpret that information correctly?
  • Did it produce the output in a usable format?
  • Did it identify uncertainty or missing evidence?
  • Did it respect permissions and policy?
  • Did it complete the workflow faster or better than the current process?

For LLM applications, this separation matters. A wrong answer may come from poor retrieval, weak prompting, bad source data, tool failure, model behavior, or unclear workflow design. If the vendor cannot help diagnose failures, the buyer may inherit a system that looks intelligent but is difficult to improve.

Datadog’s 2026 State of AI Engineering makes this operational point clearly: production AI systems now involve model fleets, orchestration, tool calls, long prompts, retries, cost control, and debugging across service boundaries. In other words, buying AI is not only buying an interface. It is buying into an operating model.

A pilot needs a measurement plan before it starts

Many pilots fail because the organization treats them as demonstrations instead of experiments.

A demonstration asks, “Can this tool do something impressive?” An experiment asks, “Does this tool improve this workflow for these users under these constraints?” The second question is much more useful.

Before a pilot begins, define the baseline. How long does the current process take? How many errors are typical? How often do users escalate the issue? How many tickets, documents, queries, or cases can the team handle today? What does quality mean? Who decides whether an answer is acceptable?

Then define the success threshold. A 5 percent improvement may not justify integration cost. A 30 percent improvement may be meaningful if quality holds. A faster workflow may be unacceptable if error severity rises. A tool that users like may still fail if it creates compliance risk or hidden review work.

It also helps to define kill criteria in advance. For example:

  • The system cannot meet the minimum accuracy threshold on priority cases.
  • The cost per completed task is higher than the manual process.
  • Users need so much review time that cycle time does not improve.
  • Required data cannot be permissioned safely.
  • Latency makes the workflow worse.
  • Failure modes cannot be logged or reproduced.

Kill criteria sound negative, but they are healthy. They prevent teams from protecting a weak project because too many people are already emotionally or politically invested.

For AI projects, a measurement plan should include more than final output quality. It should include cost, latency, escalation rate, user adoption, security exceptions, support burden, and maintenance effort. A tool can be accurate and still not be worth deploying if it is too slow, expensive, fragile, or hard to govern.

Evaluation and observability are buying requirements

The AI systems that matter most are often non-deterministic. They can produce different outputs across model versions, prompts, retrieved context, tool results, and user wording. This does not make them unusable, but it does change what buyers should demand.

You need evaluation and observability.

Evaluation tells you whether the system works against known cases. Observability tells you what happened when it did or did not work in real use. Without both, teams end up debugging by anecdote. One user says the tool is excellent. Another says it failed badly. A manager sees a beautiful dashboard. An engineer sees unknown tool calls and unexplained cost spikes. Nobody has a shared picture of reality.

LangChain’s 2026 State of Agent Engineering found that quality was a top production barrier for agent systems, while observability and evaluation had become central practices for teams deploying agents. That matches what serious buyers should expect. If an agent can plan steps, call tools, or interact with business systems, the organization needs traces, logs, evaluations, and controls.

Before buying an AI product, ask:

  • Can we see the retrieved sources or tool calls behind an answer?
  • Can we export logs for review and incident analysis?
  • Can we test changes before release?
  • Can we compare prompts, models, or configurations against a fixed test set?
  • Can we monitor cost and latency by workflow or team?
  • Can we enforce limits on tool access, tokens, retries, and actions?
  • Can users report bad outputs in a way that improves the system?

If the answer is mostly no, the product may still be useful for low-risk personal productivity. It is harder to justify as enterprise infrastructure.

Governance is not paperwork after the decision

Governance should not begin after the contract is signed. It should shape the buying decision.

The NIST AI Risk Management Framework is useful here because it treats AI risk as something organizations must govern, map, measure, and manage. NIST’s Generative AI Profile emphasizes that generative AI risks can appear across design, deployment, operation, and decommissioning, not only at launch. That is a practical point: AI risk is a lifecycle issue.

The European Commission’s AI Act guidance also shows where regulation is heading: risk-based obligations, human oversight, logging, documentation, transparency, and attention to high-risk use cases such as employment, education, essential services, and critical infrastructure. Even organizations outside Europe should notice the direction. Buyers will increasingly need to know not just what an AI system can do, but how it is controlled.

For a company evaluating AI tools, governance questions are concrete:

  • What data can the vendor access?
  • Is customer or employee data used for training?
  • Where is data stored and processed?
  • How are permissions inherited from source systems?
  • Who can approve high-impact actions?
  • How are model changes communicated?
  • What documentation exists for audits?
  • What happens when a user challenges an output?

These questions are not only for legal or compliance teams. They affect product quality. A system that ignores permissions may create security risk. A system without audit logs may be impossible to debug. A system without human oversight may be unacceptable in a high-impact workflow. A system with unclear data retention may slow approval even if the technical demo is strong.

Good governance does not kill useful AI. It makes useful AI easier to trust.

Cost needs more detail than a license price

AI cost can be surprisingly slippery.

The contract may show a subscription fee, but the real cost can include implementation, data preparation, integration, user training, security review, evaluation work, observability, human review, storage, model usage, premium features, support, and future customization. If the system uses consumption-based pricing, the bill may grow as adoption improves. If the workflow depends on long context, repeated tool calls, or multi-step agents, cost and latency can move together.

This is why a buyer should ask for a cost model tied to usage, not only a pricing page.

What does one completed task cost at expected volume? What happens if usage doubles? Which parts of the workflow call the model? Are cheaper models used for simple tasks and stronger models reserved for harder ones? Is prompt caching available? Are retries bounded? Can departments see their own usage? Can the company set budgets or rate limits?

These questions may sound too detailed for an early buying conversation, but they become urgent after launch. A tool that is cheap during a small pilot can become expensive when rolled out to hundreds or thousands of employees. A tool that saves time for users can still create hidden platform cost if every interaction sends large prompts, repeats the same context, or fans out through too many tools.

Cost discipline is part of engineering discipline. It is not separate from product value.

Trust between business and technical teams is the real control

The source lesson behind this article is ultimately about organizational trust. When business leaders do not trust technical leaders, technical warnings become easy to dismiss. When technical leaders do not understand business pressure, their warnings can sound vague or defensive. That gap is where bad technology decisions grow.

The solution is not to give all power to one side. Business teams understand pain, urgency, customer impact, and strategic pressure. Technical teams understand architecture, data, security, reliability, maintainability, and integration. AI buying needs both.

A healthy evaluation process gives each side a real role:

  • Business leaders define the problem, priority, users, and success metric.
  • Technical leaders test feasibility, integration, reliability, data access, and failure modes.
  • Security and legal review risk early enough to shape the pilot.
  • Finance checks the cost model against realistic adoption.
  • Users test the workflow instead of only watching a presentation.

This shared process builds trust because it replaces opinion with evidence. The business team can see that technical review is not obstruction. The technical team can see that business urgency is not recklessness. The vendor can see that the buyer is serious.

When this process is missing, the decision often becomes political. The loudest promise wins, the strongest fear slows everything down, or the team buys a tool that nobody fully owns. None of those outcomes is good.

A practical checklist before saying yes

Before signing a meaningful AI contract, I would want answers to these questions.

First, what exact workflow will improve, and what is the current baseline? If nobody can describe the current process, the improvement claim is probably too vague.

Second, what evidence did we test using our own data? Vendor examples are useful for orientation, but buyer examples reveal fit.

Third, what are the expected failure modes? A mature vendor can describe where the product struggles and how those failures are detected.

Fourth, what controls exist around permissions, human approval, logging, and rollback? The more authority the system has, the stronger these controls need to be.

Fifth, how will we evaluate quality before and after launch? A few happy users are not enough for a system that affects important workflows.

Sixth, what does the operating cost look like at realistic volume? Include usage, review, support, monitoring, and maintenance.

Seventh, who owns the system internally after purchase? If ownership is unclear, the tool may become another orphaned platform.

Finally, what would make us stop? If there is no answer, the pilot is not really an experiment.

The takeaway is not skepticism. It is discipline.

It is easy to become cynical about AI vendors, and that would be the wrong lesson. Some products are strong. Some teams are solving real problems. Some organizations are already getting value from AI because they combine ambition with careful implementation.

The lesson is that AI does not remove the need for judgment. It increases the cost of missing it.

The more powerful a tool appears, the more important it becomes to test the claim behind it. Can the product explain itself? Can it work with your data? Can it handle your workflow? Can it be measured? Can it be governed? Can your technical team understand enough to operate it? Can your business team connect it to a real outcome?

If the answer is yes, move forward with a focused pilot and learn quickly. If the answer is no, slow down. The pressure to adopt AI is real, but pressure is not a strategy.

Good technology does not need to hide behind mystery. It can be explained, tested, measured, improved, and governed. That is what buyers should demand. Not because they are afraid of new tools, but because they are serious about using them well.

More notes