About TestMy.AI · est. 2025FILE NO. 002 / INDEPENDENT TECHNICAL ASSESSOR

An independent
assessor for AI
that has to be
defended.

We exist for one reason: production AI systems need specialised adversarial testing that governance consultants don't deliver. We test endpoints the way external attackers see them — and we file the evidence your regulator, board and procurement team can all read.

Start an audit Talk to the auditor →

Founded2025

HQSt Petersburg · FL

EMEAIstanbul · TR

LanguagesEnglish · Türkçe

01 / StoryWhy we exist

AI security is an engineering problem — not a slide deck.

Governance consultants handle documentation and process. AI robustness, accuracy and cybersecurity testing requires a different skill set — and a different deliverable. That's the gap TestMy.AI was built to close.

01 · The thesis

The report is the deliverable.

We were founded in 2025 to solve a specific problem: production AI systems require specialised adversarial testing that sits outside traditional compliance consulting. Our 600+ test suite covers prompt injection, data poisoning, output handling, excessive agency and resource exhaustion — every category in the OWASP LLM Top 10 — and every finding is pre-mapped to four frameworks at once.

Black-box · evidence on every finding

02 · By the numbers

Independent. By design.

600+ adversarial tests. Four frameworks mapped on every finding. Two operating regions. One founder who has built, broken and certified AI systems for enterprises in finance, healthcare and tech.

No certification authority claimed

02 / LeadershipWho signs the report

One auditor. One name on the document.

Every Technical Assessment Report is signed by the assessor who ran the tests — not a project manager, not a partner, not an offshore contractor.

Founder & Lead Auditor

Burcin Sarac

AI Expert with enterprise delivery across AI security, compliance and implementation. Author of 'Evaluating AI Agents: From Metrics to Real-World Impact' on 365 Data Science — the industry curriculum on AI assessment. Hands-on building, breaking and certifying AI systems for enterprises in finance, healthcare and technology.

Toptal Top 3%365 DS InstructorOWASP ContributorISO 42001

Operating model

Independent technical assessor

TestMy.AI is not a certification body. We deliver Technical Assessment Reports designed to support your compliance filing alongside qualified legal counsel. No conflicts of interest — we don't sell the platform we test.

Black-boxFixed-scopeNo upsellNDA-first

Coverage

Two regions, two timezones

US operations from St Petersburg, Florida (EST, UTC-5). EMEA operations from Istanbul, Turkey (TRT, UTC+3). Continuous coverage for global engagements and local presence for regulator-facing work.

EST UTC-5TRT UTC+3EnglishTürkçe

Public artefact

OWASP LLM Community Tests

We maintain a public, open-source subset of our test suite on GitHub — 130 community-edition tests aligned to the OWASP LLM Top 10. Used in education, vetted in the wild.

MIT-alignedCommunity130 testsOWASP

LinkedIn Toptal profile →365 Data Science course →Community tests on GitHub →

03 / PrinciplesWhat we stand for

Four rules. No exceptions.

The non-negotiables that shape every engagement — from scoping call to final report.

01 · Black-box

No exceptions.

We test the endpoint as an external attacker sees it. No source code, no model weights, no infrastructure access. The result is reproducible — and defensible.

Endpoint only

02 · Evidence

On every finding.

The exact prompt sent. The exact response received. The pattern or judge that flagged it. Every claim is reproducible from the artefacts in your report.

Forensic-grade

03 · Four frameworks

Same evidence, four filings.

Every finding is pre-mapped to OWASP LLM Top 10, ISO 42001, NIST AI RMF and EU AI Act Article 15 — so one report answers the regulator, the procurement team and the board.

Cross-framework

04 · Independent

We are not the certification body.

No conflict of interest

TestMy.AI is an independent technical assessor. We deliver evidence; your compliance filing is made alongside qualified legal counsel. The EU AI Act conformity-assessment framework for Article 15 is still being established — no firm yet holds formal certification authority, and we will not pretend otherwise.

● Talk to the auditor · not a salesperson

One auditor. One report. One signature.

Hand us an endpoint. We hand you a Technical Assessment Report your legal team, your security team and your board can all open — signed by the assessor who ran the tests.

Start an audit Book a 30-min call →