Thoropass Announces New Products and a Comprehensive Vision for the Future of AI and Compliance

Thoropass guides enterprises into the AI era by releasing a new GenAI product for due diligence questionnaires, an AI penetration testing service, and support for the ISO 42001 AI Management System standard.

Thoropass, the industry leader in infosec compliance automation, unveiled its wide-ranging vision of the role that AI will play in compliance, and how compliance for AI will evolve. With a new guiding philosophy, products, partnerships, and framework support, Thoropass will vet technologies and support organizations that are looking to benefit from AI innovations while managing their inherent risks.

“The rapid pace of AI advancements has put enormous pressure on organizations’ infosec risk and compliance postures. Thoropass is uniquely positioned to both advance how AI is used responsibly in the industry of compliance automation, as well as ensure that enterprises are carefully managing their risk and compliance as they introduce AI into their businesses,” said Sam Li, CEO and co-founder of Thoropass. “Today, we are launching a foundational set of tools that will drastically speed up compliance security reviews, services that will support companies’ safe adoption of new AI technologies, and support of the frameworks that will help guide the future of AI and compliance in the enterprise.”

A Guiding Vision for Responsible AI 

From start-ups seeking compliance frameworks to safely bring their services to market, to enterprises looking to invest in new AI-based approaches, Thoropass has laid out a vision for the consideration of compliance in AI. Published as a set of “guiding principles,” Thoropass has drawn from its in-depth experience with both compliance automation and audit management across thousands of companies to create a touchstone vision of how AI should be ethically embedded into software products and services. 

At its core, Thoropass believes that many AI use cases will benefit from human oversight, particularly in the compliance and risk management realm. By putting human experts squarely at the crossroads of where AI meets strategy, data, and security, companies can reduce their risk and maintain a strong compliance posture. The result is a faster, safer approach to AI use that ensures compliance experts have the final say in how data is used and protected.

Read the full set of guiding principles.

New products and services for “Enterprise Ready AI” 

As part of today’s announcement, Thoropass unveiled the first of its new products designed to support organizations at two critical points: security due diligence questionnaires and managing the potential risk that AI tools introduce into the enterprise. 

GenAI Due Diligence Questionnaires 

Thoropass’s new Due Diligence Questionnaire (DDQ) product is GenAI-powered, allowing customers to respond to dozens of standard security questions in a fraction of the time it has taken to fill out the traditional surveys often used for third-party risk management and business agreements.

Thoropass uses advanced processing tools to assess a given question and match it to the company’s own existing library of previously answered questions. If a question cannot be matched, then GenAI is used to scan existing PDFs of prior surveys, policies, procedures, reports, etc. and suggest answers that can be adopted or edited as appropriate. As a closed system, it does not require exposure to an external LLM, and the company’s own answers are not used to train other external models, ensuring that all data remains within the company’s control. With a match rate that can exceed 80%, Thoropass’s tool will reduce the hours spent filling out questionnaires and shift the focus from hunting for prior answers across countless spreadsheets to reviewing and approving the answers generated by the tool. 

“The number of hours spent by compliance managers to fill out security questionnaires, largely spent hunting around for an appropriate prior answer, is remarkable. Our Due Diligence Questionnaire product slashes that time from days to hours,” said Andrew Persons, Vice President of Product. “By leveraging the company’s own previously collected answers and evidence, the accuracy and match rate is exceptional, reducing the risk of errors and streamlining the final review process.” 

Learn more about Thoropass’s Due Diligence Questionnaire (DDQ) product.

AI Penetration Testing Offering 

In addition to using AI to help customers achieve compliance more efficiently, Thoropass today announced a new AI pentesting offering that will help companies identify new attack vectors and remediate potential security risks when deploying and managing Large Language Models (LLMs). Building upon the recently announced partnership with, Thoropass’s AI pentesting offering will ensure that customers can confidently and securely integrate GenAI capabilities into their applications. This process is critical to managing the risk of new technology adoption and is a core component of new and emerging AI compliance frameworks.  

“Companies need to know that while deploying GenAI solutions can unlock enormous opportunities for efficiency and innovation, it can also open the door for bad actors to compromise the security of the application and data using novel attack vectors,” said Donavan Trieu, Director of Business Operations at Thoropass. “Our AI pentest offering assures customers are operating according to the latest LLM security protocols, keeping up with the fast-moving pace of LLM development, allowing their teams to proactively address new threats and reduce business risk.”   

Interested companies can add their names to the AI pentest waitlist.

Support for ISO 42001 and other AI Compliance frameworks

In response to the growing calls for more regulation in AI, ISO 42001 was released this year to fill the gap left by other compliance frameworks. Thoropass is now adding support for this framework to its compliance automation platform. Available to customers in early Q3 as part of the OrO Way approach to multi-framework compliance automation and audit integration, this certification will ensure companies are safely employing AI. Offered alongside Thoropass’s other core compliance frameworks, such as SOC 2, HITRUST, PCI DSS, and ISO 27001, customers benefit from the multi-framework approach that further cuts down on the need to conduct multiple, overlapping compliance audits.

Learn more about the OrO Way multi-framework approach to integrated compliance automation and audit.

Read more about how your organization can unlock AI’s innovation without the risk.

About Thoropass

Thoropass, previously known as Laika, focuses on facilitating infosec compliance processes for businesses, ensuring that regulatory adherence enhances rather than hinders operational progress. The organization integrates software solutions and direct services into its clients’ operational frameworks, aiming for seamless audit preparedness annually. With a team of in-house, independent auditors proficient in major compliance frameworks such as SOC 2, HITRUST, HIPAA, GDPR, PCI DSS, ISO 27001, and ISO 42001, among others, Thoropass conducts over 500 audits every year, with a commitment to supporting companies in maintaining high standards of compliance and security.