Show HN: A free AI risk assessment tool for LLM applications

https://www.gettavo.com/app

33•percyding99•1d ago

We’ve built an AI risk assessment tool designed specifically for GenAI/LLM applications. It's still early, but we’d love your feedback. Here’s what it does:

1. it performs comprehensive AI risk assessments by analyzing your codebase against different AI regulation/framework or even internal policies. It identifies potential issues and suggests fixes directly through one click PRs.

2. the first framework the platform supports is OWASP Top 10 for LLM Applications 2025, upcoming framework will be ISO 42001 as well as custom policy documents.

3. we're a small, early stage team, so the free tier offers 5 assessments per user. If you need more, just reach out, happy to help.

4. sign in via github is required. We request read access to scan code and write access to open PRs for fix suggestions.

5. we are looking for design partners to collaborate with us. If you are looking to build compliance-by-design AI products, we'd love to chat.

product url: https://www.gettavo.com/app

we'd really appreciate feedback on:

- what you like

- what you don't like

- what do you want to see for the next major feature

- bugs

- any other feedback

feel free to comment here or reach out directly: email: percyding@gettavo.com, linkedin: https://www.linkedin.com/in/percy-ding-a43861193/

Comments

Urahandystar•9h ago

I get the feeling you're about to make a whole lot of money. I'd move away from enterprise and try to aim for hobby coders with a micro transactions.

percyding99•8h ago

-> I'd move away from enterprise and try to aim for hobby coders with a micro transactions.

Thanks! That's actually an interesting point. We've been trying to reach out to enterprise and get some early users + feedback from them, we will start reaching out to hobby coders or even vibe coder to try out the product as well

Ciunkos•7h ago

I believe this was just a joke. I bet only heavily regulated enterprises would be interested in a product like yours, to checkmark their compliance sheet. Regular coders and smaller businesses won’t care.

percyding99•6h ago

Thanks for the feedback! We've had a few inbounds from early stage startups that try to sell to regulated industry so our assumption here is small startups might need our tool if they are targeting highly regulated industries(we could be completely wrong tho)

Joke or not, it actually made me consider reaching out to vibe coders, but yeah we are still validating the need

throwaway_5753•8h ago

This seems like the wrong direction if you want to make a whole lot of money. Do hobby coders pay for anything?

percyding99•8h ago

what do you think about solo dev/founder or indie hackers?

Cynddl•7h ago

I see on the landing page a screenshot with "Test for GDPR PII compliance", suggesting that this tool is probably not ready for any serious usage.

Anyone in the regulation landscape would know that GDPR is a EU data protection law, and PII a US concept which doesn't apply in the GDPR. The GDPR uses the concept of ‘personal data’, not ‘personally identifiable information’. This is not just a wording issue. Redacting, masking, removing information which appears to be ‘personally identifiable’ only constitutes pseudonymisation in the GDPR which does not offer any meaningful privacy protection.

percyding99•7h ago

Thanks for the feedback! We agree that this tool is definitely not ready for serious usage at this stage, it would require heavy tuning and testing before wide adoption

also thanks for flagging the GDPR issue!

alickz•7h ago

Cool idea

Though the "Privacy" link on your homepage doesn't work

Do you use scanned repositories for training or other purposes?

percyding99•6h ago

Good catch on the "Privary" link, thanks!

-->Do you use scanned repositories for training or other purposes?

No we do not use the scanned repo for training or other purposes

hiatus•3h ago

Have you been through any sort of audit like SOC 2 or ISO 27001? Can't see any enterprises even engaging in a conversation without something like that.

As a person who works in security in a large enterprise, I'd expect some kind of audit, pentest results, and more available in some type of trust center. And that's before we even send a security questionnaire that digs into your processes and controls.

Show HN: Visual flow-based programming for Erlang, inspired by Node-RED

X X^t can be faster

I'm Peter Roberts, immigration attorney, who does work for YC and startups. AMA

A Research Preview of Codex

MIT asks arXiv to take down preprint of paper on AI and scientific discovery

The Magic Hours: The Films and Hidden Life of Terrence Malick

The first year of free-threaded Python

Stax Museum Bob Abrahamian Collection

Foundry (YC F24) Is Hiring – Founding Engineer (ML × SWE)

Transformer: The Deep Chemistry of Life and Death

Show HN: Rv, a Package Manager for R

Show HN: SQL-tString a t-string SQL builder in Python

Tower Defense: Cache Control

Material 3 Expressive

Evolution of Rust Compiler Errors

What were the MS-DOS programs that the moricons.dll icons were intended for?

New 'Superdiffusion' Proof Probes the Mysterious Math of Turbulence

The fastest Postgres inserts

Show HN: Workflow Use – Deterministic, self-healing browser automation (RPA 2.0)

Returning to My Roots in Hardware

Sci-Net

Ground control to Major Trial

Ollama's new engine for multimodal models

LPython: Novel, Fast, Retargetable Python Compiler (2023)

The Awful German Language (1880)

Beyond Text: On-Demand UI Generation for Better Conversational Experiences

Náhuatl and Mayan Language Renaissance Occurring in Mexico

Baby is healed with first personalized gene-editing treatment

Explaining British Naval Dominance During the Age of Sail

Ed Smylie, Who Saved the Apollo 13 Crew with Duct Tape, Dies at 95