When investors or acquirers mention "AI due diligence," they often mean one of two things: a brief conversation with a technical co-founder, or a cursory scan of the tech stack by a generalist advisor. Neither constitutes due diligence in any meaningful sense.
The gap between what is claimed and what is actually evaluated is one of the most consistent patterns we see. And when capital is committed based on AI claims that were never independently verified, the consequences tend to surface at the worst possible time.
What due diligence actually means
At its core, due diligence is a structured process for converting uncertainty into knowledge before a decision is made. In a technology or AI context, that means independently assessing whether the technology works as claimed, whether the team can sustain and improve it, and what risks remain undisclosed or underappreciated.
The word "independently" carries weight. A technical conversation with a founder is useful context. It is not independent assessment. An independent assessor has no stake in the outcome, draws conclusions from evidence rather than from enthusiasm, and is willing to say things the founder does not want to hear.
The four things that separate real AI due diligence from the alternative
1. Evidence-graded findings
Not all claims carry the same evidentiary weight. A metric we independently verified against production logs is categorically different from a metric a founder told us during a call. Any assessment worth taking seriously distinguishes between verified findings, corroborated findings, and reported findings. When these distinctions are collapsed, the reader has no way to know how much confidence to place in any given conclusion.
2. Structured dimensions of assessment
AI systems fail in multiple ways and for multiple reasons. A narrow assessment that focuses only on model accuracy, or only on code quality, or only on team credentials will produce an incomplete picture. A complete assessment covers technology architecture, team capability, product-market fit evidence, data governance, security posture, scalability, and commercial alignment. Missing any of these creates blind spots that can become material problems post-transaction.
3. Claims verification, not claims acceptance
One of the most valuable things an independent assessment does is test whether stated metrics hold up. "98% accuracy" is a common claim. The question is: 98% on what dataset, evaluated by whom, under what conditions? We have seen accuracy claims that were technically true and operationally misleading at the same time. Verification requires access to actual system outputs, test data, and methodology, not just a slide deck.
4. A clear verdict
A due diligence report that ends with "there are some considerations to bear in mind" is not a due diligence report. A proper assessment concludes with a structured verdict: proceed, conditional proceed (with specific pre-conditions), or do not proceed. Recommendations should be prioritized and time-bounded. The investor or acquirer should be able to act on the output, not just read it.
Why this matters more with AI
Traditional technical due diligence developed around evaluating software systems: code quality, architecture, scalability, security. AI systems introduce a distinct set of questions that a standard technical review is not designed to answer.
AI system performance depends heavily on the data it was trained on and evaluated against. A model that performs exceptionally well on historical data may behave unpredictably on live data. Claims about accuracy, precision, and recall are meaningful only in relation to specific conditions, and those conditions matter enormously to whether the system will work in production.
Additionally, AI systems often carry governance and regulatory implications that purely functional systems do not. Whether a system falls under a high-risk classification under the EU AI Act, how training data was licensed, whether model outputs were independently evaluated for fairness or bias, these questions have risk implications that extend well beyond whether the code is well-written.
The asymmetry of information in AI is more pronounced than in most technology categories. Founders understand their systems deeply. Investors and acquirers often do not. That gap is exactly what independent due diligence is designed to close.
What to look for when commissioning an assessment
If you are commissioning AI due diligence, three things tell you quickly whether you are working with a rigorous assessor or not.
First, do they have a methodology, and can they explain it clearly? An assessor who cannot articulate how they evaluate AI claims, what evidence they require, and how they rate their findings is unlikely to produce a reliable report.
Second, do they distinguish between evidence levels? If a report does not indicate whether a finding is independently verified or simply reported by the target, it conflates very different degrees of reliability.
Third, do they issue a verdict? Reports that catalogue findings without drawing conclusions leave the decision-maker no better positioned than before the assessment was commissioned. A good report tells you what to do, not just what exists.
If you are considering an AI investment, acquisition, or vendor selection and want to understand what a structured assessment of your specific situation would involve, we are happy to start with a conversation.