You're filling out a vendor risk assessment for your company's next AI deal. The model benchmarks take five minutes. The legal and governance section? That's where procurement goes to die.

This isn't another single-vendor post-mortem. Over the past week, every major AI provider — OpenAI, Google, xAI, and Anthropic — caught a different flavor of governance shrapnel. Individually, each story got its coverage. But procurement doesn't evaluate vendors individually. It stacks them side by side. Here's the side-by-side scorecard we haven't run yet.

Five Dimensions, Four Vendors, One Week

Enterprise AI procurement evaluates five dimensions beyond model quality: corporate structure, leadership stability, regulatory exposure, data governance, and litigation risk. Here's where each vendor stands as of April 18.

xAI: 0 of 5. The backstory that made April brutal: by March 28, every one of xAI's 11 co-founders had departed. Musk himself admitted it was "not built right." Then on April 14, the NAACP sued xAI for running 27 unpermitted gas turbines in Mississippi, pumping 1,700 tons of nitrogen oxide per year to power data centers. Corporate structure a founder called broken. Zero original leaders remaining. Unpermitted industrial operations. No published data governance policy. Active environmental lawsuit. Failing all five takes talent.

OpenAI: 2 of 5. Failed corporate structure, leadership stability, and litigation risk. The structural erosion started months ago — in February, OpenAI removed the word "safely" from its mission statement and ceded 74% of nonprofit control. Now the bill comes due: their fraud trial with Elon Musk begins April 27 — four weeks, jury, with Altman, Musk, Brockman, and Nadella all testifying. A Tufts University professor called it "a test case for how we oversee organizations that can do enormous benefits and catastrophic harm." When your CEO takes the witness stand, leadership stability fails by definition.

Google: 3 of 5. Failed regulatory exposure and litigation risk. On April 14, the DOJ issued final antitrust remedies banning exclusive distribution deals for Search, Chrome, and Gemini. If your enterprise AI contract includes bundled Google services, legal needs to re-examine it. Google passes the other three — stable leadership, documented data governance, intact corporate structure — but the regulatory overhang colors everything.

Anthropic: 4 of 5. Passed corporate structure, leadership stability, data governance, and litigation risk. Dropped one on regulatory exposure — not for violations, but for geopolitical friction. More below.

Anthropic's structural case is the strongest in the field. Ex-OpenAI safety researchers founded it. A Long-Term Benefit Trust — a legal structure (think Mozilla Foundation) that prevents profit motive from overriding safety decisions — governs the company, now holding a board-appointed majority. Published Responsible Scaling Policy. Eighty percent of revenue from enterprise. Eight of the Fortune 10 as customers. $30B in annualized revenue, investor offers north of $800B, and a $100M Claude Partner Network with Accenture training 30,000 professionals and Cognizant giving 350,000 associates Claude access.

The enterprise pitch writes itself: "We're the ones who aren't getting sued."

The Cracks You Should Still Notice

Here's where the cat sharpens its claws on Anthropic's couch too.

Anthropic isn't scandal-free — it's scandal-different. The Pentagon blacklisted the company as a "supply chain risk" after Anthropic refused military applications. Dario Amodei visited the White House on April 17 trying to smooth things over. They withheld their most powerful model, Mythos, from public release because it found bugs in every major operating system — responsible, yes, but "too powerful to release" is its own kind of headline.

Outages hit March 2, April 7, April 8, and April 15. If you're a Claude-only shop, you flew without a parachute during those windows. No real board conflict has ever stress-tested the Long-Term Benefit Trust. And the EU AI Act's Article 50 transparency deadline hits August 2, 2026, requiring machine-readable watermarks and AI disclosure. That's when "responsible" branding meets actual compliance paperwork.

What This Means for Your Risk Assessment

Here's the distinction the scorecard reveals: Anthropic's governance risks come from being too principled — refusing military contracts, withholding dangerous models. Competitors' risks come from abandoning principles — removing "safely" from mission statements, losing every co-founder, polluting Mississippi air.

For procurement teams filling out that risk assessment today, Anthropic isn't the safest AI vendor. It's the vendor with the fewest self-inflicted governance wounds. That's a real advantage, but a fragile one. It evaporates the moment Anthropic cuts a corner instead of holding the line.

In the AI market of April 2026, governance is the last thing you can't copy from a competitor's API docs. Anthropic built a moat — not from its own fortress walls, but from everyone else's rubble. And rubble, eventually, gets cleaned up.