For AI advisory firms & independent consultants

Deliver auditor-grade AI risk assessments to your clients in about 20 minutes.

Whether you're a boutique advisory firm or a fractional compliance lead, the risk assessment is your deliverable. Thalus produces it — defensible, co-branded, and consistent across every client.

  • One workspace, every client engagement isolated — assess anyone's AI, not just your own.
  • Export co-branded, white-label reports under your logo, with your executive summary on top.
  • Keep your methodology — an opinionated default plus custom risk categories that map to the base taxonomy.

1 free assessment · no card required · no sales call

6.5 hours of manual work → about 20 minutes, co-branded under your name.

Built on: MIT AI Risk Repository · NIST AI RMF · EU AI Act · ISO 42001

In early conversations with a Fortune 500 digital-engineering firm and a top-10 audit & advisory firm

The problem

The assessment is your deliverable. It still takes 6.5 hours in Word.

6.5 hrs

By hand, every time

You stitch Word, Excel, ChatGPT and framework PDFs into one assessment — per use case, per client.

Inconsistent

Hard to defend

Every assessment looks a little different, and the reasoning lives in one person's head instead of a repeatable method.

Quarterly

Regulation keeps moving

NIST, ISO 42001 and the EU AI Act shift faster than a hand-built template can keep up.

How it works

Three steps from intake doc to client-ready report.

  1. Drop in the documents

    Upload the artifacts your client already has — a charter, a one-pager, a PRD, an architecture doc. No new questionnaire.

  2. The engine assesses

    Thalus analyzes against a proprietary taxonomy synthesized from the MIT AI Risk Repository and NIST AI RMF — each risk with its evidence and required controls, the EU AI Act tier, and a flag on anything it couldn't determine.

  3. Export the report

    Toggle NIST, EU AI Act and ISO 42001 lenses in one click. Export a co-branded PDF with your executive summary on top.

Why Thalus

Purpose-built for the assessor — not the assessed.

Multi-client by design

One workspace, every client engagement isolated with its own data and permissions — built to assess anyone's AI, not just your own.

Co-branded, white-label output

The report goes out as your deliverable, with your logo and executive summary on top.

Tri-framework lens-switching

Re-frame any assessment through NIST AI RMF, the EU AI Act, or ISO 42001 with one click.

Your method, kept

An opinionated default plus custom risk categories that map to the base taxonomy — flex it to each client without starting over.

6.5 hours of manual assessment → about 20 minutes.

And the result is more defensible, not less — every risk carries its evidence and maps to the framework your client asked for.

What your client sees

Identified risks, recommended controls, and an EU AI Act tier.

The report opens with two numbers — risks identified and controls required — then lets you drill into the evidence behind each.

Risks identified

Every risk traced to the document excerpts behind it and marked as a contributor, mitigator, or missing-evidence signal — with severity and confidence under a named theme.

Controls required

The controls each risk needs, with present / operating / relevant status and every treatment gap flagged for follow-up.

EU AI Act tier

An overall tier with plain-English reasoning — plus an honest list of what it couldn't determine and exactly what to upload to be sure.

Prohibited

Banned practices — social scoring, certain biometric uses.

High-risk

Hiring, credit, biometrics, critical infrastructure.

Limited

Transparency duties — chatbots, generated-content disclosure.

Minimal

Most AI. Few or no obligations under the Act.

Pricing

Buy a non-expiring bundle, or subscribe when it's worth it.

  • $0: Free · 1 assessment
  • $500: 5-assessment bundle · never expires
  • $500/mo: Subscription · ongoing
  • Enterprise: Book a demo

Questions

What partners ask first.

Does it replace my judgment?

No. Every assessment is a draft for you to review, edit, and sign off — Thalus accelerates the partner's judgment and never reaches your client as a black-box result.

Is it safe to run client documents through Thalus?

Thalus is a productivity tool in your workflow, not a system of record, and you're processing documents your client has already authorized you to handle. Working under strict confidentiality clauses? Ask us how we handle data before you upload — and yes, our SOC 2 (Type I) is in progress.

Which frameworks does it cover?

NIST AI RMF, the EU AI Act, and ISO 42001 — switch any assessment between all three with one click.

Do I need a card to try it?

No. The free tier runs one full assessment with no card and no sales call.

Run your next client assessment in about 20 minutes.

Bring a real project doc. Run it free — no card, no sales call.