LLM Vendor Selection & Contract Requirements

If a vendor suggests 'manual spot-checking' as the primary validation method.

A single 'mega-prompt' trying to handle reasoning, retrieval, and formatting in one step.

Relying on the LLM's system prompt or 'judgment' to decide if it should access or expose sensitive data from a connected source.

Missing plans for trace logging, token cost tracking, or user feedback capture.

Using generic terms like 'high quality' or 'helpful' without defining atomic, measurable metrics.

Using autonomous agents to decide tool usage when the logic is deterministic.

No plan for how to handle schema changes or document versioning in the knowledge base.

Prepare a generous set of questions/answers. Keep 80% private during development and share only 20% with the vendor to avoid 'overfitting' the solution to the test.

Instead of one 'accuracy' score, use weighted multi-level metrics (e.g., 'Did it cite source?', 'Is tone correct?', 'Is formatting valid?').

Don't demand 95% for a PoC. Define what '70%' actually means-e.g., 30% failure to answer vs. minor formatting issues.

Vendor must provide a framework to automatically re-verify the Golden Set after any change to the model, architecture, or retrieval pipeline.

Strict requirements for PII masking, safety filtering, and tone consistency checks.

Targets for typical generation times. Important for production, but secondary to accuracy during PoC phase.

Target 99.5%+, but recognize AI infra is volatile. Nice to have, not strictly required for early phases.

Useful for tracking outliers and tail-end performance issues.

Detailed chunking, embedding, retrieval (rerankers), and context injection strategy.

Breakdown of token costs, infrastructure, and vector DB hosting at scale.

Speak to a customer who has been in production (not just POC) for >3 months.