HECVAT Category
AI Qualifying Questions
AI Qualifying Questions covers controls and questions related to that domain. It outlines expectations institutions typically require from vendors. The category helps assess risk posture and operational maturity. It provides structure for consistent evaluation during security reviews.
Assessment Questions
Does your solution leverage machine learning (ML) or do you plan to do so in the next 12 months?
Machine learning adoption is the scoping concern here, covering whether your solution uses ML today or plans to within the next twelve months. It's a qualifying question that determines whether additional ML-specific security questions will be asked in the assessment.
Does your solution leverage a large language model (LLM) or do you plan to do so in the next 12 months?
Reviewers want to understand your use of large language models, including whether your solution leverages an LLM today or plans to within the next twelve months. LLMs are AI systems trained on vast amounts of text data that can generate human-like text, answer questions, translate languages, and perform other language-related tasks. Examples include GPT-4, LLaMA, Claude, and similar models.
ResponseHub is the product I wish I had when I was a CTO
Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.
As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!
I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

