Find out what's already running.
Three weeks of structured discovery that gives established businesses a clear picture of every AI tool in use and what it exposes them to.
Most established businesses have AI running inside them already. A platform vendor added features you pay for but didn't choose. An employee started using ChatGPT for client work last spring. A contractor shipped a chatbot and moved on. None of it was a decision, and none of it is being watched.
The EU AI Act is now in full effect. It applies to any business serving EU customers, which includes more US companies than most owners realize. Insurers are starting to ask questions. Clients are starting to ask questions. The answers most businesses have right now are not good enough.
The AI Exposure Audit is three weeks of structured discovery built for one purpose. At the end of it, you have a clear, documented picture of every AI tool running in your business, what risk each one carries, and what to do about it.
This is risk visibility for founders who don't have a legal team. It sits between the Strategy Session, which is about what you should build, and a Solutions engagement, which is about building it. The Audit answers a different question. What's already running, and should it be?
The Audit is the right starting point for a few specific situations. Your team uses AI tools you didn't formally approve. Your software vendors have added AI features to platforms you already pay for. You serve EU customers and aren't sure what the AI Act actually requires of you. You've deployed AI somewhere in the last eighteen months and no one is watching it.
If any of those describe your business, this is the place to start.
Three weeks. Four deliverables.
Discovery
We interview you and two or three key people on your team. We map every AI tool in use, authorized or not. We document which data moves through which system and who owns each one.
Analysis
Each tool gets categorized by risk, with specific attention to the EU AI Act where it applies. We flag issues specific to your industry and separate real problems from future ones and non-issues.
Delivery
Four documents and a read-out call. You get everything in writing, and we walk through it together.
What you leave with.
AI Tool Inventory.
A complete list of every AI tool in use, who uses it, what data it touches, and who authorized it. Most clients have never seen this in one place.
Exposure Report.
A written document covering findings, risk categorization, and recommended actions ranked by urgency.
AI Usage Policy.
One page. Plain English. Something your staff will actually read and follow.
Tool Decision Framework.
A short checklist for the next time someone wants to add a new AI tool. Questions that have to be answered before the tool goes live.
The Audit is not legal advice. It does not replace a full compliance program. Implementation of any recommended fixes happens separately, typically under a Solutions engagement. Ongoing monitoring belongs in a retainer.
Naming these boundaries up front is part of the point. A clear answer about what this is — and what it isn't — is the first thing you get.
$5,000.
Three weeks, four documents, one read-out call. No hourly billing and no scope drift.
Every Audit begins with a Discovery Call. We use it to confirm the Audit is the right fit for your business before you commit to anything.