Vendor Diligence
A cleaner review path for external AI vendors.
Use CraftedTrust to collect public proof, research, review status, and open questions in one place. MCP Trust becomes part of that workflow when the vendor depends on public MCP servers.
Review packet
Collect the evidence buyers actually use
Public proof, research, policy notes, review status, and open risks should travel together instead of living in separate tools.
MCP-specific input
Use MCP Trust when public MCP is in scope
Registry scores, scan depth, certification status, and linked research become a real buyer input when the vendor exposes MCP endpoints.
Escalation path
Add runtime evidence only where it changes the answer
Not every vendor needs runtime telemetry. CraftedTrust keeps that layer optional and tied to actual risk.
Start broad, then go specific
Use Vendor Diligence when the question is larger than one public MCP server. Drop into MCP Trust when the vendor's public MCP posture needs concrete review. Add Runtime Gateway only when the deployment needs stronger live evidence.