← Back to all articles

How to Run an AI Vendor POC That Actually Proves Something

By Vance Sterling·8 min read·April 6, 2026

I have watched over 30 AI vendor proof-of-concept engagements across three banks. Roughly 90% of them were designed to confirm a decision someone already made, not to actually test the product. The vendor brought clean data. The internal sponsor picked the easiest use case. The success criteria were so vague that anything short of a server fire counted as a win. Then six months after the contract was signed, the production deployment looked nothing like the POC. Here is how I run POCs now, and why the process matters more than the vendor's slide deck.

Why Most POCs Are Theater

A vendor POC is supposed to reduce risk. In practice, it usually increases it. The vendor controls the environment, the data, and often the narrative. Their solutions engineer is on-site or on-call. They have tuned their model specifically for your sample data set. Everything works beautifully for four weeks. Then they leave, your team inherits it, and reality hits.

At one bank where I led infrastructure, we ran a document extraction POC with a vendor who showed 96% accuracy during the trial. Impressive. We signed. In production, with real customer submissions including handwritten notes, photos of documents taken at odd angles, and forms from 15 different state agencies, accuracy dropped to 61%. The POC had used 200 clean, typed PDFs. Production meant 40,000 messy documents a month.

That experience cost us about $800K in licensing plus six months of integration work before we pulled the plug. It also taught me that the POC structure matters more than the POC results. If you let the vendor design the test, you are not evaluating them. They are selling you.

The fix is not to skip POCs. The fix is to run them like an actual test, with your data, your edge cases, your infrastructure, and success criteria written before the vendor ever touches the environment.

The 5-Point POC Structure That Exposes Reality

Every POC I run now follows five rules. Break any of them and the POC becomes a demo with extra steps.

Rule 1: You supply the data. Not a curated sample. A random pull from production. If the vendor says they need clean data to show capability, that tells you everything. Your production data is messy. If their tool cannot handle messy, it cannot handle your business. I pull data on a random Tuesday, warts and all, and that becomes the test set. At one bank, this single rule eliminated two of four shortlisted vendors before the POC even started. They looked at the data and said they would need 8 weeks of preprocessing. The winner handled it in 3 days.

Rule 2: Your team does the configuration. The vendor can train your people. They can provide documentation. But your analysts and engineers should be the ones setting it up. If only the vendor's solutions architect can make it work, you are not buying software. You are renting a consultant. I score this on a 1-5 scale: how many hours of vendor hand-holding did my team need per task? Anything above 3 hours per core workflow is a red flag.

Rule 3: Define exactly three success metrics before the POC starts. Not five. Not ten. Three. Write them down. Get the vendor to sign off. Get your executive sponsor to sign off. I use this format: metric name, measurement method, minimum threshold, target threshold. Example: Document classification accuracy, measured by comparison against human-labeled test set of 500 documents, minimum 85%, target 92%. If you cannot write your success criteria this specifically, you are not ready for a POC.

Rule 4: Include a failure scenario. Deliberately feed the system something it should reject or flag. Bad data. An edge case from your compliance team's nightmare list. Adversarial inputs if relevant. I want to see how the tool fails, not just how it succeeds. At a bank I worked with, we fed an AI fraud detection tool a batch of transactions that included known false positives from the previous quarter. The vendor's tool flagged every single one, which meant it was just as noisy as what we already had. That saved us a $1.4M contract.

Rule 5: Run for 30 days minimum on a realistic volume. Not a weekend sprint. Not a two-week trial with 50 records. Thirty days with enough volume to see performance degradation, API reliability, latency under load, and how support responds when something breaks at 4pm on a Friday. One vendor I evaluated had a 99.9% uptime SLA. During our 30-day POC, their API went down twice and response times tripled during peak hours. We would never have seen that in a two-week window.

The Scoring Framework: Turning POC Results into a Decision

After the POC, you need a structured way to compare results. Gut feel is how organizations end up with the vendor who had the best salesperson, not the best product.

I use a weighted scorecard with six categories. Accuracy or task performance gets 30% of the weight. Integration complexity gets 20%. Team usability (how easily your people picked it up) gets 20%. Failure handling gets 15%. Vendor responsiveness during the POC gets 10%. Cost per unit of work gets 5%. Yes, cost is last. A cheap tool that does not work is not cheap.

Each category gets a 1-5 score from every evaluator independently. I typically have 3-4 evaluators: one technical lead, one business analyst, one operations person, and the executive sponsor. They score without seeing each other's numbers first. Then we compare. If there is more than a 2-point spread on any category, we discuss it before finalizing. That discussion is often where the real insights surface.

The math is simple. Multiply each category score by its weight, sum them up, and you have a composite score out of 5. In the last three vendor selections I ran, the composite scores were close enough (within 0.4 points) that the discussion mattered more than the numbers. But the structure forced specific conversations instead of vague preferences.

One thing I always add: a written summary from each evaluator answering one question. Would you want to work with this vendor's product and team for the next three years? That question catches things the scorecard misses. Cultural fit, documentation quality, how the vendor treated your junior team members during setup. I have seen a vendor score highest on the numbers but get zero yes answers on that question. We went with the second-place vendor. Two years later, that was clearly the right call.

Reference Checks That Go Beyond the Vendor's Handpicked List

Every vendor gives you three references. Those references are clients who love them. They are useless for evaluation. You need to find your own references.

Here is how I do it. I ask the vendor for their full client list or at least the industries they serve. Then I work my network. In banking, the community is small enough that two or three phone calls will get you to someone running the same tool. LinkedIn works too. Search for the vendor name, filter by your industry, and reach out to people who list the tool on their profile or in their job descriptions.

When I get a reference on my own, I ask five specific questions. How long from contract signing to production deployment? What broke during the first 90 days? How responsive is support when something is actually down, not just a question? Have they raised prices at renewal, and by how much? And would you pick them again if you were starting over? That last question gets honest answers about 80% of the time. The ones who pause before answering are telling you everything.

At one evaluation, the vendor's official references were glowing. But I found a mid-size bank through my network that had deployed the same product 18 months earlier. Their answers: deployment took 11 months instead of the quoted 4. The first 90 days required a dedicated vendor engineer on-site because the documentation was incomplete. Support response times averaged 6 hours for critical issues. And prices went up 35% at the first renewal with no negotiation room. We used that information to negotiate a fixed-price implementation with penalties for timeline overruns. The vendor agreed because they wanted the deal. We would never have had that leverage without the independent reference.

Budget 2-3 weeks for reference checks. Do them after the POC, not before. You want to ask references about specific behaviors you observed during testing. Did their API also slow down during peak hours? Did their team also struggle to explain the configuration to non-technical users? Specific questions get specific answers.

Free Resource

Want the Complete AI Leadership Playbook?

The complete AI leadership framework — strategy, governance, and implementation in one book.

Get the Book on Kindle

Actionable Takeaway

Before your next vendor POC, write down exactly three measurable success criteria using this format: metric name, measurement method, minimum threshold, target threshold. Share them with the vendor and your executive sponsor before the POC starts. If you cannot fill in all four fields for all three metrics, you are not ready to test. Do not start until you are.

This article covers a core framework from The Executive's AI Playbook. The complete playbook includes printable scorecards, additional real-world examples, and full implementation checklists.

Get the complete framework →

Get the AI-First Leader on Kindle

The complete AI leadership framework — strategy, governance, and implementation in one book.

Not ready to buy?

Start free: 5 AI Questions Every Executive Must Answer Before Investing →

Free PDF guide. No spam.