AI vendors with SOC 2 Type II

AI vendors with a SOC 2 Type II audit attestation, demonstrating ongoing operational effectiveness of security and availability controls.

SOC 2 Type II is the most common security attestation enterprise buyers ask for during AI vendor diligence. It indicates that an independent auditor has tested the vendor's controls over an observation period (typically 6-12 months) and reported on their effectiveness. A current Type II report is table stakes for most regulated industries and a strong signal of security maturity. The vendors below have a public Type II attestation according to TrustAtlas's most recent verification.

Vendors with SOC 2 Type II

Anthropic

HQ: United States

AI safety-focused company building the Claude model family. Founded by former OpenAI researchers with a mission to develop reliable, interpr…

Score 11.44 · low

Amazon (AWS)

HQ: United States

Cloud infrastructure leader that develops proprietary Titan models and custom Trainium/Inferentia chips while offering multi-model access th…

Score 12.34 · low

Salesforce

HQ: United States

Enterprise CRM leader that combines proprietary AI models (Einstein, CodeGen, xGen) with OpenAI integration for Einstein GPT, embedding AI a…

Score 12.74 · low

Adobe

HQ: United States

Creative software leader that developed proprietary Firefly image generation models trained exclusively on licensed content, while integrati…

Score 13.74 · low

Cohere

HQ: Canada

Enterprise-focused AI company specializing in natural language processing for business applications. Known for retrieval-augmented generatio…

Score 13.79 · low

IBM

HQ: United States

Enterprise technology company offering the watsonx AI platform with proprietary Granite foundation models. Combines own model development wi…

Score 14.11 · low

Microsoft

HQ: United States

Global technology conglomerate that both develops proprietary AI models (Phi series) and deeply integrates OpenAI models across its Copilot …

Score 14.68 · low

SAP

HQ: Germany

Global enterprise software company integrating AI through its Joule AI assistant across ERP, supply chain, and business applications. Combin…

Score 16.63 · low

OpenAI

HQ: United States

Creator of the GPT model family and ChatGPT, one of the most widely adopted AI platforms globally. Operates as a capped-profit entity under …

Score 18.36 · low

Google DeepMind

HQ: United States

Google's unified AI research lab combining DeepMind and Google Brain, building the Gemini model family integrated across Google products and…

Score 18.85 · low

Oracle

HQ: United States

Enterprise cloud and database company offering OCI AI Services with both proprietary AI capabilities and third-party model hosting. Provides…

Score 19.89 · low

Palo Alto Networks

HQ: United States

Leading cybersecurity company integrating AI across its security platform through Cortex XSIAM (AI-driven security operations), Prisma Cloud…

Score 19.89 · low

Nuance (Microsoft)

HQ: United States

Healthcare AI unit of Microsoft providing clinical speech recognition and ambient documentation through Dragon Medical One and DAX Copilot. …

Score 20.86 · moderate

Writer

HQ: United States

Enterprise AI writing platform with proprietary Palmyra LLMs and application layer for brand-consistent content generation, compliance revie…

Score 20.93 · moderate

AI21 Labs

HQ: Israel

Israel-based AI company building the Jamba model family based on a novel SSM-Transformer hybrid architecture. Focused on enterprise applicat…

Score 22.34 · moderate

Workday

HQ: United States

Enterprise HR and finance platform integrating AI features across workforce management, payroll, and financial planning. Uses proprietary ML…

Score 22.45 · moderate

Mosaic (Databricks)

HQ: United States

Mosaic AI (formerly MosaicML, acquired by Databricks in 2023 for $1.3B) is the generative AI platform within Databricks. Enables model train…

Score 22.6 · moderate

Nvidia

HQ: United States

Dominant AI hardware manufacturer (GPUs, DGX systems) that also operates DGX Cloud inference platform and NIM microservices for model deploy…

Score 22.63 · moderate

SentinelOne

HQ: United States

Autonomous cybersecurity platform combining proprietary behavioral AI models with Purple AI, a generative assistant for threat hunting and S…

Score 22.96 · moderate

Scale AI

HQ: United States

Data infrastructure company providing AI training data labeling, model evaluation, and RLHF services. Operates both human-in-the-loop data a…

Score 23.3 · moderate

Hugging Face

HQ: United States

Open-source AI platform and model hub that hosts over one million models, datasets, and spaces. Develops proprietary models (BigScience BLOO…

Score 24.05 · moderate

Snowflake

HQ: United States

Cloud data platform with Cortex AI, providing LLM-powered SQL functions, document processing, and AI assistants that operate directly on dat…

Score 24.36 · moderate

ServiceNow

HQ: United States

Enterprise workflow automation platform integrating AI through Now Assist, which combines ServiceNow's proprietary Now LLM models with OpenA…

Score 24.4 · moderate

Datadog

HQ: United States

Cloud monitoring and security platform that has expanded into AI observability with LLM Observability for monitoring model performance, cost…

Score 24.41 · moderate

SambaNova

HQ: United States

Enterprise AI company offering the SambaNova Suite, an integrated full-stack AI platform combining proprietary Reconfigurable Dataflow Unit …

Score 24.5 · moderate

PolyAI

HQ: United Kingdom

UK-based voice AI company specializing in enterprise customer service voice assistants. Powers call centers for hospitality, financial servi…

Score 24.72 · moderate

Palantir

HQ: United States

Data analytics and defense technology company offering the Artificial Intelligence Platform (AIP) that integrates LLMs with operational data…

Score 25.09 · moderate

Databricks

HQ: United States

Unified data analytics and AI platform combining data lakehouse, ML ops, and generative AI capabilities. Offers Foundation Model APIs that i…

Score 25.4 · moderate

Cloudflare

HQ: United States

Edge network and security company that operates Workers AI, an inference platform running open-weight models on its global network. Hosts mo…

Score 25.89 · moderate

Slack

HQ: United States

Enterprise messaging and collaboration platform owned by Salesforce. Offers AI-powered features including Slack AI for channel summarization…

Score 26.47 · moderate

GitHub Copilot

HQ: United States

AI pair programming tool integrated into VS Code, JetBrains, and other IDEs. Provides code completion, chat assistance, and code review powe…

Score 27.12 · moderate

Vanta

HQ: United States

Automated security and compliance platform helping companies achieve SOC 2, ISO 27001, HIPAA, and GDPR compliance. Adds AI Agent for securit…

Score 27.24 · moderate

Zoom

HQ: United States

Video communications platform offering AI Companion for meeting summaries, smart recording chapters, real-time transcription, email and chat…

Score 27.35 · moderate

Atlassian

HQ: Australia

Enterprise collaboration software company behind Jira, Confluence, and Bitbucket. Offers Rovo, an AI assistant that searches across connecte…

Score 28.51 · moderate

Synthesia

HQ: United Kingdom

AI video generation platform that creates professional videos with AI avatars from text scripts. Enterprise-focused tool for training, onboa…

Score 29.28 · moderate

Kensho (S&P Global)

HQ: United States

Financial AI research and solutions arm of S&P Global. Develops NLP, speech, and extraction models fine-tuned for financial documents and in…

Score 29.4 · moderate

Khanmigo (Khan Academy)

HQ: United States

AI-powered tutor and teaching assistant from nonprofit Khan Academy, built on OpenAI's GPT-4 with specialized educational guardrails. Suppor…

Score 29.49 · moderate

Casetext

HQ: United States

Legal AI platform acquired by Thomson Reuters. Offers CoCounsel, an AI legal assistant for contract review, legal research, document summari…

Score 29.77 · moderate

CoreWeave

HQ: United States

Specialized GPU cloud provider offering NVIDIA-powered infrastructure for AI training and inference at scale. Major supplier to OpenAI, Micr…

Score 29.93 · moderate

Stripe

HQ: United States

Global payments infrastructure company using AI for fraud detection (Radar), revenue optimization, and billing intelligence. Integrates mach…

Score 29.97 · moderate

Harvey

HQ: United States

AI platform purpose-built for legal professionals. Provides contract analysis, legal research, due diligence, and document drafting powered …

Score 30.27 · moderate

LexisNexis

HQ: United States

Legal research and analytics giant offering Lexis+ AI, combining proprietary legal content and fine-tuned models with frontier LLMs to deliv…

Score 30.29 · moderate

Arize AI

HQ: United States

ML and LLM observability platform for monitoring model performance, drift, and evaluating generative AI applications. Offers Arize Phoenix o…

Score 30.6 · moderate

Grammarly

HQ: United States

AI writing assistant offering grammar checking, style suggestions, and generative AI features. Uses a combination of proprietary NLP models …

Score 30.74 · moderate

Moveworks

HQ: United States

Enterprise AI platform for IT service desks and employee support. Automates ticket resolution, knowledge retrieval, and workflow actions acr…

Score 30.84 · moderate

Zendesk

HQ: United States

Customer service and engagement platform with AI-powered features including automated ticket resolution, agent assist, and intelligent triag…

Score 30.94 · moderate

Galileo

HQ: United States

LLM evaluation and observability platform focused on hallucination detection, reliability scoring, and generative AI quality assurance. Offe…

Score 30.97 · moderate

Bloomberg

HQ: United States

Global financial information and media company that developed BloombergGPT, a 50B-parameter proprietary LLM trained on financial data. Embed…

Score 31.1 · moderate

Weights & Biases

HQ: United States

MLOps platform for experiment tracking, model versioning, dataset management, and AI evaluation. Used across the AI industry for training ob…

Score 31.11 · moderate

Anyscale

HQ: United States

AI infrastructure company building on the open-source Ray distributed computing framework. Provides Anyscale Platform for scalable AI traini…

Score 31.15 · moderate

Buyer checklist

Request the most recent SOC 2 Type II report under NDA before contracting.
Confirm the observation window covers at least the past 12 months.
Read the auditor's exceptions section — every report has them; the question is severity.
Verify the trust services criteria in scope (Security is required; Availability and Confidentiality are usually included; Privacy and Processing Integrity are optional).
Ask for the vendor's plan to address any exceptions in the next attestation cycle.

Compliance is necessary, not sufficient. Holding SOC 2 Type II is a meaningful baseline, but no certification covers AI-specific risk end-to-end. Layer this on top of vendor-specific diligence — sub-processor disclosure, training-data policy, model card transparency, dependency-chain mapping.

AI vendors with SOC 2 Type II

Vendors with SOC 2 Type II

Buyer checklist

Related compliance frameworks