from Hacker News

Show HN: A free AI risk assessment tool for LLM applications

by percyding99 on 5/15/25, 12:50 PM with 14 comments

We’ve built an AI risk assessment tool designed specifically for GenAI/LLM applications. It's still early, but we’d love your feedback. Here’s what it does:

1. it performs comprehensive AI risk assessments by analyzing your codebase against different AI regulation/framework or even internal policies. It identifies potential issues and suggests fixes directly through one click PRs.

2. the first framework the platform supports is OWASP Top 10 for LLM Applications 2025, upcoming framework will be ISO 42001 as well as custom policy documents.

3. we're a small, early stage team, so the free tier offers 5 assessments per user. If you need more, just reach out, happy to help.

4. sign in via github is required. We request read access to scan code and write access to open PRs for fix suggestions.

5. we are looking for design partners to collaborate with us. If you are looking to build compliance-by-design AI products, we'd love to chat.

product url: https://www.gettavo.com/app

we'd really appreciate feedback on:

- what you like

- what you don't like

- what do you want to see for the next major feature

- bugs

- any other feedback

feel free to comment here or reach out directly: email: percyding@gettavo.com, linkedin: https://www.linkedin.com/in/percy-ding-a43861193/

  • by hiatus on 5/16/25, 3:25 PM

    Have you been through any sort of audit like SOC 2 or ISO 27001? Can't see any enterprises even engaging in a conversation without something like that.

    As a person who works in security in a large enterprise, I'd expect some kind of audit, pentest results, and more available in some type of trust center. And that's before we even send a security questionnaire that digs into your processes and controls.

  • by Cynddl on 5/16/25, 10:36 AM

    I see on the landing page a screenshot with "Test for GDPR PII compliance", suggesting that this tool is probably not ready for any serious usage.

    Anyone in the regulation landscape would know that GDPR is a EU data protection law, and PII a US concept which doesn't apply in the GDPR. The GDPR uses the concept of ‘personal data’, not ‘personally identifiable information’. This is not just a wording issue. Redacting, masking, removing information which appears to be ‘personally identifiable’ only constitutes pseudonymisation in the GDPR which does not offer any meaningful privacy protection.

  • by alickz on 5/16/25, 11:17 AM

    Cool idea

    Though the "Privacy" link on your homepage doesn't work

    Do you use scanned repositories for training or other purposes?

  • by Urahandystar on 5/16/25, 9:01 AM

    I get the feeling you're about to make a whole lot of money. I'd move away from enterprise and try to aim for hobby coders with a micro transactions.