> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vendexlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# AI-powered enrichment

> How VendexLabs researches vendors with agent-based research and evidence-backed scoring.

Most vendor programs start with a spreadsheet and a stack of PDFs. VendexLabs starts with **research**. When you add a vendor, an agent-based research pipeline builds a current, evidence-backed profile automatically — so you're reviewing a live picture instead of assembling one by hand.

## Agent-based research

VendexLabs gathers vendor intelligence from public sources using a combination of large language models and live web search, then structures the results into the profile that powers scoring:

* **Multi-source research** — language-model research (Perplexity, OpenAI) is combined with live web search to assemble a dossier across security, privacy, operations, and business signals.
* **Evidence and citations** — factual fields are tracked back to their **sources**. Each domain's analysis on the GRC Posture tab links out to the pages the research drew from, so a score is never a black box.
* **Confidence, stated honestly** — each domain carries an **evidence badge** (for example, *Strong evidence* or *Moderate evidence*) describing how much the research had to work with. Where the public record is thin, VendexLabs says so rather than inventing certainty.

<Info>
  Enrichment covers distinct sections — company basics, security posture, privacy controls, operational and business maturity, logo, and GRC scores. New custom vendors run the full pipeline; existing vendors are refreshed on a schedule so the picture stays current.
</Info>

## From evidence to a score

The research feeds the five-domain [risk score](/concepts/risk-scoring): Compliance, Privacy, Breach & threat track record, Operational maturity, and Business & financial stability. Scoring is a **deterministic rollup** of the evidence — the same inputs always produce the same score — which keeps results explainable and reproducible.

## AI assessment comments

When you write up an assessment, VendexLabs can **draft the review comments for you**. Based on the vendor's evidence, it can suggest a security-risk comment and a compliance-review comment, and flag a short list of **open items** — genuine evidence gaps worth verifying before you sign off.

<Check>
  Suggestions are a starting point, not the decision. If you provide a draft, VendexLabs refines it rather than replacing your words — you stay the author, and the audit log records what you approved.
</Check>

## Continuous, not point-in-time

Because enrichment refreshes over time and [monitoring](/guides/recent-events) watches for new incidents, a vendor's profile keeps pace with reality. This is the core idea behind VendexLabs: turning static security documentation into live vendor intelligence you can make decisions on.

<Card title="Risk scoring" icon="chart-simple" href="/concepts/risk-scoring">
  See exactly how the researched evidence becomes a score and a recommendation.
</Card>
