SMBs without legal teams sign AI vendor MSAs that lock them in via seven recurring clause patterns: (1) data-portability narrowness (prompts/embeddings/agent state excluded from 'your data' definitions), (2) auto-renewal with short notice windows, (3) model-deprecation rights without credit, (4) sub-processor expansion without consent, (5) output-IP ambiguity, (6) pricing escalator without cap, (7) termination-data export window too short. Pattern recognition + a 1-page checklist applied before signature is the practical defence. Five questions emailed to the vendor sales rep before signing — and their willingness to answer in writing — is itself a signal.

SMB-specific procurement piece. Lead-magnet pair with RES-005 (AI MSA Red-Team Checklist downloadable). Cadence 45-day (vendor MSA template revisions + EU AI Act enforcement guidance both move at this cadence). Trigger conditions: major AI vendor MSA template revision (Microsoft, OpenAI, Anthropic, Google all publish public MSAs); new EU AI Act Article 16 implementation guidance affecting deployer obligations; SMB-tier consumer protection rulings on auto-renewal / data-portability. Sister claims: AM-145 (enterprise-tier exit clauses), OPS-014 (vendor due diligence small business), RES-005 (MSA red-team checklist).