For teams building & deploying AI

Get a defensible AI risk assessment in about 20 minutes.

Drop in the documents you already have. Thalus returns the risks, the controls you need, and your EU AI Act tier — for any AI system your organization builds or buys, with the evidence behind every finding.

1 free assessment · no card required · no sales call

6.5 hours → about 20 minutes per use case

Built on: MIT AI Risk Repository · NIST AI RMF · EU AI Act · ISO 42001

In early conversations with a Fortune 500 digital-engineering firm and a top-10 audit & advisory firm

The problem

Shipping AI is easy. Proving it's responsible is not.

6.5 hrs

By hand, every time

A proper assessment means stitching Word, Excel, ChatGPT and a stack of framework PDFs into one risk register — per use case.

Moving target

Regulation won't sit still

NIST, ISO 42001 and the EU AI Act keep shifting. A hand-built assessment is out of date the moment it's written.

On demand

Everyone wants evidence

Boards, enterprise buyers, and insurers increasingly ask for AI risk evidence before they'll sign — and "trust us" no longer cuts it.

How it works

Three steps from intake doc to audit-ready report.

  1. Drop in the documents

    Upload the artifacts you already have — a project charter, a one-pager, a PRD, an architecture doc. No new questionnaire, no workflow change.

  2. The engine assesses

    Thalus analyzes against a proprietary risk taxonomy synthesized from the MIT AI Risk Repository and NIST AI RMF — surfacing each risk with its evidence, the controls it needs, and the EU AI Act tier, while flagging anything it couldn't determine.

  3. Export the report

    Switch the same assessment between NIST, EU AI Act and ISO 42001 lenses in one click. Export a clean, audit-ready PDF for your board, buyers, or regulators.

Why Thalus

Built to make AI risk defensible — fast.

Built on real risk research

The MIT AI Risk Repository plus the NIST AI RMF — a proprietary taxonomy, not a checklist someone wrote last quarter.

Tri-framework lens-switching

See the same assessment through NIST AI RMF, the EU AI Act, or ISO 42001 with one click — whichever your board or buyer asked for.

Evidence on every finding

Each risk cites the document excerpt it came from — and Thalus flags what it couldn't determine instead of guessing, so the report stands up to scrutiny.

Works from docs you already have

No new questionnaire, no integration project. Feed it a charter, PRD, or architecture doc and get a result in minutes.

From 6.5 hours of manual work to about 20 minutes — with the evidence to back every finding.

What you get

Identified risks, recommended controls, and an EU AI Act tier.

Every assessment opens with two numbers — risks identified and controls required — then lets you drill into the evidence behind each.

Risks identified

Every risk traced to the document excerpts behind it and marked as a contributor, mitigator, or missing-evidence signal — with severity and confidence under a named theme.

Controls required

The controls each risk needs, with present / operating / relevant status and every treatment gap flagged for follow-up.

EU AI Act tier

An overall tier with plain-English reasoning — plus an honest list of what it couldn't determine and exactly what to upload to be sure.

Prohibited

Banned practices — social scoring, certain biometric uses.

High-risk

Hiring, credit, biometrics, critical infrastructure. The heavy-obligation tier.

Limited

Transparency duties — chatbots, generated content disclosure.

Minimal

Most AI. Few or no obligations under the Act.

Pricing

Simple, usage-based pricing.

$0
Free · 1 assessment
$500/mo
Subscription · ongoing
$500
5-assessment bundle · credits never expire
Enterprise
Book a demo

Questions

Common questions.

Is the output a black box?

No. Every finding cites the document evidence behind it, and the assessment is a draft you review and sign off — Thalus flags what it couldn't determine instead of guessing.

Is my data safe?

We treat your documents as confidential working data, and our SOC 2 (Type I) is in progress. Working under strict data requirements? Ask us how we handle data before you upload.

Which frameworks does it cover?

NIST AI RMF, the EU AI Act, and ISO 42001 — switch any assessment between all three with one click.

Do I need a card to try it?

No. The free tier runs one full assessment with no card and no sales call.

See your AI's risk tier in about 20 minutes.

Bring a real project doc. Run it free — no card, no sales call.