AI Security & Compliance. Verified.

From rapid risk assessments to board-level adversarial testing. AI security audits mapped to OWASP LLM Top 10, ISO 42001, NIST AI RMF, and EU AI Act for startups to enterprise.

Per-system pricing. Single AI application or use case = one audit. Additional endpoints scoped individually based on system complexity.

Discovery Assessment

$3,500 / system | 5 Business Days

Perfect for: Startups & Initial Checks

Fast gap analysis to identify critical AI security and compliance issues and decide if full assessment is needed. This is an internal diagnostic tool, not for regulatory submission.

What's included

•Single System (3 Endpoints)
•600+ Static Tests
•Findings Report Only (5-7 pages)
•Critical and high-severity findings
•Compliance impact assessment (OWASP, ISO 42001, NIST, EU AI Act)
•General remediation categories
•$3,500 credit toward full assessment (within 30 days)
•Static baseline coverage only (no adaptive follow-up)
•❌ No evidence logs or reproduction steps
•❌ No detailed technical guidance
•❌ No re-test or assessment letter

Best For

•Startups evaluating security and compliance posture
•Budget approval and planning
•Compliance consultants scoping engagements

Deliverable

Executive summary identifying critical AI security gaps for internal use.

Book Assessment See Sample

Technical Compliance Assessment

$9,500 / system | 7-10 Business Days

Perfect for: SaaS & Regulatory Submission

Complete AI security and compliance assessment with evidence documentation for findings, detailed remediation guidance, and official Technical Assessment Report. Suitable for regulatory submission and board presentation.

What's included

•Single System (5 Endpoints)
•600+ Static Tests
•Adaptive follow-up testing when controls fail
•Full Audit Report + Assessment Letter (20-30 pages)
•Evidence logs and reproduction steps for findings
•Accuracy verification vs declared metrics
•Detailed remediation architecture (security patterns)
•Multi-framework compliance mapping (OWASP LLM Top 10, ISO 42001, NIST AI RMF, EU AI Act)
•One re-test included (verify fixes)
•Technical Assessment Report
•Debrief call with lead auditor
•Additional endpoints: +$1,500 each

Test Coverage

•Prompt injection (direct, indirect, encoded, multimodal)
•Sensitive information disclosure
•Data poisoning and backdoor detection
•Improper output handling (XSS, SQLi, command injection)
•Excessive agency and privilege escalation
•System prompt leakage
•Adversarial robustness
•Resource exhaustion and DoS

Deliverable

Regulator-ready PDF report with evidence documentation and Technical Assessment Report.

Request Assessment See Sample Report

High-Assurance Audit

Custom Quote | 2-3 Weeks

Perfect for: Fintech, Health & Enterprise

Beyond compliance - adversarial red teaming with adaptive testing that simulates motivated attackers. For high-risk industries requiring maximum assurance.

What's included

•Unlimited Endpoints (subject to fair use)
•600+ Static Tests
•Adaptive follow-up testing when controls fail
•Adaptive red teaming for high-risk industries
•Custom focus areas (Fintech/Health/Bias requirements)
•Full Audit Report + Assessment Letter
•Evidence logs and reproduction steps for findings
•Accuracy verification vs declared metrics
•Detailed remediation architecture (security patterns)
•Multi-framework compliance mapping (OWASP LLM Top 10, ISO 42001, NIST AI RMF, EU AI Act)
•One re-test included (verify fixes)
•Technical Assessment Report
•Strategic consulting on systemic risks

Best For

•Financial services and banking
•Healthcare and life sciences
•Critical infrastructure
•Enterprises with complex AI deployments

Deliverable

Board-level risk assessment with forensic-level analysis and strategic consulting.

Contact Sales Learn More

Service Comparison

Feature	Discovery Assessment	Technical Compliance Assessment	High-Assurance Audit
Best For	Startups & Initial Checks	SaaS & Regulatory Submission	Fintech, Health & Enterprise
Price	$3,500 / system	$9,500 / system	Custom Quote
Turnaround	⚡ 5-7 Business Days	7-10 Business Days	2-3 Weeks
Scope	Single System (3 endpoints)	Single System (5 endpoints)	🎯 Unlimited endpoints (fair use)
Testing	600+ static tests (baseline only)	🔥 600+ static tests + adaptive follow-up	600+ static tests + adaptive follow-up
Accuracy Verification	❌ Not included	✅ Declared metrics reproduced and validated	✅ Comprehensive KPI validation
Deliverable	Findings summary (5-7 pages)	✅ Full Audit Report + Technical Assessment Letter	✅ Full Audit Report + Technical Assessment Letter
Evidence Package	❌ Findings only (internal use)	✅ Evidence logs + reproduction steps per failed test	✅ Evidence logs + reproduction steps per failed test
Adaptive Coverage	❌ None (static only)	1-2 variants per critical/high finding	1-2 variants per critical/high finding + custom attack paths
Re-Testing	❌ Not included	✅ 1 Re-Test (failed tests only)	✅ 1 Re-Test (failed tests only)

⚖️ Legal Disclaimer

TestMy.AI Technical Assessment Reports document security testing performed against industry frameworks including OWASP LLM Top 10, ISO 42001, NIST AI RMF, and EU AI Act technical requirements. They do not constitute legal certification, regulatory approval, or guarantee of compliance. Clients should consult qualified legal counsel regarding their compliance obligations.

Frequently Asked Questions

What is the difference between Discovery vs. Technical Compliance Assessment?

Discovery Assessment ($3,500): Internal diagnostic only. Findings + severity ratings to inform budget decisions. No evidence logs, reproduction steps, adaptive testing, accuracy verification, or re-test. Not for regulatory submission.

Technical Compliance Assessment ($9,500): Regulatory submission ready. Same 600 static tests plus:

Adaptive follow-up when controls fail
Accuracy verification vs. declared metrics
Evidence logs + reproduction steps for every failed test
Two extra endpoints (5 total) and one re-test
Remediation architecture guidance + Technical Assessment Report

Can I upgrade from Discovery to Technical Assessment later?

Yes. Upgrade within 30 days and the $3,500 credits toward the $9,500 Technical Assessment. The upgrade delivers accuracy verification, adaptive follow-up, evidence packaging, and the full Technical Assessment Report without making you restart the engagement.

How do you define a 'system' and handle additional endpoints?

A system = one AI use case (e.g., customer support bot). Discovery covers 3 endpoints. Technical Assessment covers 5 endpoints (extra endpoints are +$1,500). High-Assurance includes unlimited endpoints within fair use.

Do you provide remediation support or work with our consultants?

Yes. Technical Assessment includes remediation architecture guidance (security patterns, controls to implement), verification tests, and a debrief call without any code handoff. We regularly partner with compliance consultants who handle governance while we deliver the technical evidence.

How does this complement SOC 2 / ISO 27001?

SOC 2 and ISO focus on controls and documentation. AI security requires independent technical testing. Our evidence maps to OWASP LLM Top 10, ISO 42001, NIST AI RMF, and EU AI Act Article 15 clauses and helps close AI-specific findings raised in SOC 2/ISO audits.

What frameworks do you test against?

We test against OWASP LLM Top 10 (industry-standard AI security), ISO 42001 (AI management systems), NIST AI RMF (risk management framework), and EU AI Act Article 15 (robustness and cybersecurity requirements for high-risk AI). All 600+ tests are mapped to these frameworks.

What if we use multiple AI platforms?

We are vendor-neutral. Azure, AWS, OpenAI, Anthropic, self-hosted. We test via APIs/endpoints without needing internal access.

Can I see a sample report?

Yes. Visit sample reports to see both the Discovery and Technical Assessment outputs. You can also review our Community Edition on GitHub for sample OWASP LLM Top 10 tests.

Do you sign NDAs and support enterprise procurement?

Yes. NDA or MSA is standard. We handle security questionnaires, vendor onboarding, and provide evidence for procurement teams.

Ready to assess your AI system?

Request an AI security and compliance assessment and we'll have your report in 10 business days.

Discovery Assessment

$3,500 / system • 5 business days

Fast gap analysis for startups and initial checks. $3,500 credit toward full assessment.

Book Assessment

Technical Compliance Assessment

$9,500 / system • 7-10 business days

Full AI security assessment mapped to OWASP, ISO 42001, NIST, and EU AI Act with evidence and re-test. Standard scope: up to 5 endpoints.

Request Assessment

Download: The Technical Gap in AI Security Compliance

Free whitepaper

What SOC 2 auditors miss in AI security assessments.

Download Whitepaper

Response within 24 hours • No obligation scope call • Fixed pricing - no surprise invoices