AI buyer guide

How to vet an AI agency and spot red flags

Most AI projects fail on the vendor, not the technology. This is a practical checklist for vetting an AI agency, with the warning signs that separate builders who ship from those who demo and disappear.

How do you vet an AI agency and spot red flags? Ask for production systems you can verify, not slide decks or pilots. A credible AI agency shows live deployments, names a technical owner, explains where your data goes, prices by scope (not hype), and commits to measurable outcomes in writing. Red flags include guaranteed results, no working references, vague data policies, and pressure to sign fast.

Start with proof of shipped work

The single strongest signal is production software you can inspect. Anyone can build a polished demo or run a paid pilot that quietly never reaches users. Ask the agency to point to systems that are live and handling real traffic, then verify them yourself. A team that has deployed across multiple markets, or runs its own product in production, has had to solve the unglamorous parts: error handling, monitoring, data quality, and the long tail of edge cases that demos skip.

Interrogate data handling and security

AI systems run on your data, so how an agency treats it is non-negotiable. Get clear answers, in writing, on where data is stored, which models and providers it passes through, whether it is used for training, and how it is deleted. If you operate in the EU, confirm GDPR alignment and a data processing agreement. Vague reassurance here is itself a red flag, because a serious team has answered these questions many times and will not hesitate.

Match pricing to scope, not to hype

Good AI pricing maps to a defined scope of work with clear deliverables, milestones, and an owner for each. Be wary of quotes that balloon on the word 'AI', flat retainers with no defined output, or proposals that hide the ongoing cost of models, infrastructure, and maintenance. Ask for a written breakdown of build cost versus running cost, and what happens to the system if you stop paying. The goal is a system you control, not a dependency you rent forever.

Spot the red flags before you sign

Bad AI vendors share a recognizable pattern. They sell certainty no honest builder can promise, they cannot produce verifiable references, and they create false urgency to shorten your diligence. Slow down and run the checklist below.

If a vendor passes proof-of-work, data handling, pricing transparency, and ownership, you are dealing with a builder. If they stumble on more than one, keep looking.

Frequently asked questions

How do I vet an AI agency before hiring them?

Verify production work first. Ask for live AI systems you can inspect, a named technical owner, written answers on data handling, and a scoped quote with build versus running costs. Then start with a small paid project before committing to a large one. Builders welcome this; vendors who only demo will resist it.

What are the biggest red flags of a bad AI vendor?

Guaranteed results, no verifiable references, vague data policies, pressure to sign fast, buzzwords with no plain explanation, and no plan for what happens when the AI is wrong. Any single one warrants caution. Two or more together usually mean the agency cannot deliver production software and is selling a demo.

How can I tell if an AI agency is a scam?

Scammy AI agencies promise certainty, refuse to show live systems, and rush you past diligence. They charge premium fees for thin wrappers around public APIs, withhold code and data ownership, and disappear after launch. Legitimate agencies show shipped work, explain their stack plainly, and put measurable outcomes in writing.

What questions should I ask an AI agency in the first call?

Ask: What is one AI system you built that is live today? What breaks when it fails? Where does my data go and is it used for training? Who is the technical owner? What does this cost to build versus run? Do I own the code and prompts? Clear, specific answers signal a real builder.

Should an AI agency guarantee results?

No. AI outputs are probabilistic, so any guarantee of specific results or revenue is a red flag. A credible agency commits instead to measurable targets, accuracy ranges, evaluation methods, and timelines in writing. They will say what success looks like and how it is measured, not promise outcomes no honest builder can control.

How much should an AI project cost?

Cost depends on scope, but it should map to defined deliverables and milestones, not to the word 'AI'. Expect a written split between one-time build cost and ongoing run cost (models, infrastructure, maintenance). Be wary of flat retainers with no defined output or quotes that hide recurring fees you cannot predict or control.

What is the difference between a real AI build and an AI demo?

A demo works on cherry-picked inputs in a controlled setting. A real build runs in production: it handles bad inputs, monitors itself, logs errors, recovers from failure, and is tested on your actual data. Ask any agency to run a small test on your inputs, not theirs. Demos impress; production systems endure.

How do I check an AI agency's references?

Ask for live systems and named contacts, then verify independently. Talk to a technical stakeholder, not just the buyer, and ask what broke and how the agency responded. Search for the agency's own products in production. Track record across multiple markets or industries signals they have shipped beyond a single lucky project.

What should an AI agency contract include?

A clear scope with deliverables and milestones, code and data ownership, a data processing agreement, defined build and run costs, acceptance criteria, and a documented handover. It should state what happens to the system if you stop paying. If ownership and exit terms are missing, you are renting a dependency, not buying an asset.

Is it a red flag if an AI agency uses lots of jargon?

Yes, when jargon replaces clarity. Terms like agentic, RAG, and LLMOps are legitimate, but a good agency explains in plain language what they will build, why, and what it will do for you. If they cannot translate the buzzwords into outcomes and a concrete plan, the complexity is hiding a lack of substance.

How important is data security when choosing an AI agency?

Critical. AI systems process your data, so confirm in writing where it is stored, which model providers see it, whether it trains their models, and how it is deleted. For EU operations, require GDPR alignment and a data processing agreement. Vague answers are a red flag, since experienced teams have addressed these questions many times.

Should I start with a small project or a full engagement?

Start small. A scoped paid pilot with clear acceptance criteria lets you test the agency's communication, code quality, and delivery before a large commitment. Builders welcome a small first step that proves value. Vendors who push for a big upfront contract and resist a smaller proof are showing you a red flag.

How do I know if an AI agency can actually build production systems?

Look for evidence of operational maturity: monitoring, error handling, evaluation pipelines, and uptime they can speak to. Ask how they handle a model giving a wrong answer in production. Agencies that ship their own products, like Digiton with its Parci real-estate platform deployed across markets, have lived with the realities of running AI, not just building it.

What does a trustworthy AI agency look like?

It shows live, verifiable systems, names a technical owner, explains its stack and data handling plainly, prices by scope with build and run costs separated, commits to measurable outcomes in writing, and gives you ownership of code and data. It is comfortable starting small and honest about what AI cannot do. Substance over slogans.

Related

AI answers knowledge baseAI agency pricing in Portugal (2026 data)AI agency in Lisbon

Ready to put AI to work?

Book a discovery audit and we will map the highest-ROI AI agents and automations for your business.

Book a discovery audit →