Independent reference. We are independent of every vendor listed. No affiliate links. No sponsored placements.
RFP template

LLM / AI Application Security RFP Template

Eight reusable sections covering scope, pricing, latency, integration, evaluation, residency, compliance and contract.

8
Sections
5
Required OWASP minimums
p95
Latency measure required
EU
Default residency hard requirement

RFP sections (copy-paste)

1. Scope

Vendor shall provide runtime guardrail capabilities covering OWASP LLM Top 10 entries LLM01, LLM02, LLM05, LLM06, LLM07 at a minimum. Coverage of additional OWASP entries should be enumerated explicitly.

2. Pricing transparency

Vendor shall provide a written quote in USD per month for the proposed configuration. Where pricing is volume-tiered, vendor shall enumerate every tier breakpoint.

3. Latency

Vendor shall provide measured p50 and p95 latency in milliseconds for a representative payload of 1,000 chars across each filter type.

4. Integration

Vendor shall support SIEM ingestion via syslog or webhook out of the box. Vendor shall publish an OpenAPI spec for runtime APIs.

5. Evaluation

Vendor shall provide a published benchmark on a recognised dataset (HarmBench, JailbreakBench, or equivalent) with versioned results.

6. Data residency

Vendor shall confirm per-region processing, with EU residency as a hard requirement for EU AI Act scope.

7. Compliance

Vendor shall provide latest SOC 2 Type II report and ISO 27001 certificate. FedRAMP authorisation status shall be disclosed for federal scope.

8. Contract terms

Vendor shall provide list price for 1-year and 3-year commits. Vendor shall not require auto-renewal lock-ins beyond 60 days notice.

Scoring guidance

  • Weight pricing transparency at 25 percent.
  • Weight OWASP coverage at 30 percent.
  • Weight latency at 15 percent.
  • Weight integration depth at 15 percent.
  • Weight compliance and residency at 15 percent.
Last verified June 2026Source: vendor pricing pages. See /methodology.