The 38-item AI MSA red-team checklist organises the contractual review around seven clause families (training-data carve-outs, output ownership + IP indemnification, model-deprecation rights, sub-processor expansion, kill-switch SLA, exit-data portability, regulatory + EU AI Act flow-through) where 2025-2026 enterprise AI MSA failures cluster; vendors scoring yes on 30+ items are contractually serious, 20-29 items are treatable through negotiation, and below 20 signals that the vendor's commercial position depends on retaining the rights the checklist is designed to constrain.

Premise: most enterprise AI MSAs in 2026 are recycled SaaS MSAs with an AI addendum bolted on, and the failure modes cluster in the addendum where standard cloud-procurement legal review is weakest. The 38-item structure is built for a working session between procurement and legal, complementing the operational AI Vendor Security Questionnaire (RES-001). Anchored to AM-121 (IT operations reality), GPT-4 base deprecation 2024, the EU AI Act Article 26 + Annex IV flow-through, and observable 2024-2025 procurement disputes. 60-day review cadence because contract language patterns evolve faster than the regulatory surface.