Does your AI system comply with the EU AI Act?
Identify vulnerabilities, quantify your EU AI Act exposure, and get a remediation plan in minutes.
Methodology: OWASP LLM Top 10 · EU AI Act · NIST AI 600-1 · ISO 42001
550+ attack vectors · 26 multi-turn sequences · 10 evasion techniques · 3 compliance frameworks

Proprietary methodology: 223 prompts + 26 multi-turn sequences + 10 evasion techniques.
OWASP LLM Top 10 v2.0 · EU AI Act · NIST AI 600-1 · ISO 42001 · CWE/CAPEC · NIST CSF v2.0
A report that convinces your CTO, your DPO, and your legal team
For each vulnerability: what's wrong, which EU AI Act article it violates, how much it could cost you in fines, and exactly how to fix it.
Explore the data in detail
Your AI system has critical vulnerabilities in transparency, prompt extraction, and sensitive data leakage. Immediate action is required.
Compliance score · Exposure: 3% annual revenue
We audit chatbots built with
550+ attack vectors · 7 frameworks · OWASP LLM Top 10
Get your regulatory exposure assessment
Your AI chatbot URL. Results in ~5 minutes. No commitment.
No credit card · No integration · GDPR-compliant
Due diligence evidence
Documentation that withstands a regulatory inspection
Each report includes compliance score, findings with technical evidence, article-by-article EU AI Act mapping, quantified financial exposure, and a prioritized remediation plan. Exportable in JSON, CSV, and SARIF with JWS cryptographic signatures.
Anonymized real report · No sign-up · Instant access
AI Compliance Assessment: risk diagnosis + remediation + due diligence evidence.
Black-Box Threat Simulation: we assess your AI agent with exactly the same information (none) that a real attacker or the AESIA inspector has. If we can extract your data from the public URL, so can they.
Enter your AI assistant's URL
We only need the public URL. No integration required. No access to your code, infrastructure, or team.
10 seconds
Proprietary methodology: 46 OWASP vectors
We execute 46 attack vectors based on OWASP LLM Top 10 — the same ones a real attacker or regulatory inspector would use. Results in minutes, not weeks.
~5 minutes
Category: Internal data extraction
Severity: High — Art. 15 EU AI Act
Result: The chatbot revealed internal system instructions
Receive your regulatory exposure assessment
You receive an executive report: compliance score, quantified financial exposure, article-by-article EU AI Act mapping, and prioritized regulatory action plan.
In your email
What happens next
Assessment: full report + post-fix validation re-scan. Trust Badge: automated monthly re-scan + monitoring dashboard + verifiable badge. Enterprise: dedicated onboarding + GRC dashboard + CI/CD integrations.
Based on your plan
Full OWASP LLM Top 10 coverage
Every category assessed with custom prompts, multi-turn sequences, and evasion techniques.
- LLM01: Prompt Injection
- LLM02: Insecure Output
- LLM03: Training Data Poisoning
- LLM04: Model DoS
- LLM05: Supply Chain Vulns
- LLM06: Sensitive Info Disclosure
- LLM07: Insecure Plugin Design
- LLM08: Excessive Agency
- LLM09: Overreliance
- LLM10: Model Theft
OWASP LLM Top 10 v2.0 (2025) · 223 prompts · 26 multi-turn sequences
Compare your options for EU AI Act compliance
Compare the real options a European company has to comply with the EU AI Act before August 2026.
| | Manual Red Team | Big 4 Consultancy | Ercel |
|---|---|---|---|
| Time | 4-8 weeks | 8-12 weeks | ~15 minutes |
| Cost | €15-30K | €20-50K+ | €2,500 |
| Attack vectors | 20-30 manual | 10-20 generic | 550+ automated |
| Frameworks | 1 (ad hoc) | 2-3 | EU AI Act + ISO 27001 + SOC 2 + custom |
| Post-fix re-scan | New quote | Not included | Included |
| CI/CD | No | No | API + webhooks |
| Exportable evidence | Manual PDF | Manual PDF | JSON/CSV/SARIF + JWS signature |
| Continuous monitoring | No | No | Dashboard + alerts |
| Admissible as evidence | Expert report | Consultancy report | Technical due diligence + cryptographic signature |
With Ercel
- €2,500 one-time
- Results in minutes
- 550+ automated attack vectors
- Article-by-article EU AI Act mapping
- Remediation plan with deadlines
- Due diligence evidence (PDF)
Without assessment
- No compliance evidence
- No vulnerability visibility
- Exposure: up to 7% global turnover or €35M (Art. 99)
- No defense during regulatory inspection
Up to 7% of annual worldwide turnover or €35M, whichever is greater (Art. 99.3: whichever is lower for SMEs)
Alternatives: Big 4 from €50,000, manual red team €16,000-50,000
Free assessment with compliance score and financial exposure. No commitment.
EU AI Act regulatory roadmap
Reg. (EU) 2024/1689 — Progressive enforcement timeline
Feb 2025
AI Prohibitions (Art. 5)
Prohibited AI systems off the market
Aug 2025
GPAI model rules
Obligations for general-purpose AI models
Aug 2026
High risk (Art. 6-49)
Mandatory assessment for high-risk systems
Prepare now
2027+
Full enforcement
Complete sanctions regime in effect
Everything you need for compliance at scale
Built for security, compliance, and GRC teams managing multiple AI systems.
Continuous Monitoring
Real-time dashboard with posture score, configurable alerts, and public verifiable badge.
Posture score 0-100 · 4 alert types · Public SVG badge
GRC & Compliance
Posture score, control owners, evidence tracking, and daily compliance snapshots.
Audit readiness score · Daily snapshots · SLA tracking
Automated Reporting
Configurable PDFs with 8 sections. Monthly or quarterly scheduling with email delivery.
Monthly/quarterly scheduling · Email delivery with PDF
AI System Registry
AI system inventory, Model Cards, Annex IV EU AI Act documentation, and versioning.
Complete Annex IV documentation · Completeness scoring
Enterprise Integrations
Jira, ServiceNow, Azure DevOps, Slack, Teams. Automated finding export.
1-click finding export · Bulk export up to 20
Enterprise Security
SAML SSO, MFA/TOTP, SCIM 2.0 provisioning, and immutable SOC 2 audit trail.
61 audit log event types · SCIM 2.0 · Rate limiting 120/min
Web Accessibility Audit
WCAG 2.1 AA · EN 301 549 · European Accessibility Act. Automated crawler + axe-core. VPAT 2.4 and Accessibility Declaration included.
Learn more about accessibility →
What a consultancy takes 8 weeks and €20,000+, automated in 15 minutes
Start with the free assessment. If you need the full report with a remediation plan, choose your plan.
An Ercel audit: €2,500. A non-compliance fine: up to 7% of your revenue.
Regulatory Exposure Assessment
- Compliance score 0-100
- EU AI Act compliance matrix
- Financial exposure quantification
- Severity classification
- Art. 50 transparency check
AI Compliance Assessment
For teams that need to assess EU AI Act compliance and demonstrate technical due diligence.
- Everything in Assessment, plus:
- Organizational assessment: all 18 EU AI Act articles
- Prioritized step-by-step remediation
- Pre-filled compliance documents (6 types)
- Technical due diligence evidence (PDF)
- Post-fix validation re-scan
- Art. 50 exportable evidence (JSON/CSV)
- EU AI Act risk classification
Start with your free assessment
Trust Badge
For organizations that need continuous monitoring and an up-to-date compliance report.
- Everything in Assessment, plus:
- Automated monthly re-scan
- Updated compliance report
- "Ercel Verified" badge for your website
- Monthly compliance changelog with diff
- Public verifiable score history
- Regulatory change alerts
- CI/CD API (scan trigger + poll)
- Monitoring dashboard with real-time posture score
- Configurable alerts (score drop, new criticals, SLA)
- Public monitoring badge
14-day refund guarantee.
No commitment: first you get your free assessment. You only pay if you decide to certify.
Enterprise
From €8,000
For organizations with multiple AI agents that need centralized control, CI/CD integrations, and guaranteed SLA.
Compliance & Governance
- GRC Dashboard: compliance posture + audit readiness
- Automated Compliance Reporting (monthly/quarterly PDF)
- AI System Registry + Model Cards (Annex IV EU AI Act)
- Full ISO 27001 toolkit (gap analysis, risk register, SoA)
- Compliance calendar with regulatory alerts
Security & Integrations
- SAML SSO + MFA/TOTP + SCIM 2.0
- ITSM Integrations (Jira, ServiceNow, Azure DevOps)
- Immutable audit trail (61 event types)
- VPAT 2.4 Generator (Accessibility)
- CI/CD API + webhooks
- Rate limiting 120 req/min per org
Yes, no commitment. Cancel from your dashboard and you'll keep access until the end of the billing period.
Data is automatically deleted after 90 days (GDPR-compliant retention policy). Paid plans allow access while the service is active.
It demonstrates that you performed an assessment. For complete documentation with remediation and evidence PDF, we recommend the AI Compliance Assessment.
Manual assessments typically take weeks and involve specialized consultants. Ercel Security automates the process using OWASP LLM Top 10 methodology and delivers results in minutes for €2,500.
Yes. The report documents technical due diligence under Art. 9 (risk management) of the EU AI Act. It includes reproducible evidence with cryptographic signatures (JWS ECDSA P-256), exportable in JSON, CSV, and SARIF.
A red team runs 20-30 manual tests over 4-8 weeks. Ercel runs 550+ automated vectors from OWASP LLM Top 10, with 26 multi-turn sequences and 10 evasion techniques. Post-fix re-scan included.
EU AI Act (Reg. 2024/1689), ISO 27001:2022, and SOC 2 Type II. You can also define custom frameworks for your organization.
Jira, ServiceNow, and Azure DevOps (finding export), Slack and Teams (notifications), CI/CD API (trigger scan + poll result), webhooks for pipelines. SCIM 2.0 for user provisioning.
August 2, 2026
3 months
Compliance assessments take 3-6 months.
If you start today, you'll just make it. The free assessment takes 5 minutes.
Get free assessment
Free assessment · Results in minutes