Analysis – The Paid First Step

You've built something – an idea, a concept, a prototype with Cursor, Copilot, or Claude, or a platform that's already running. Before it becomes a production-ready system, you need clarity about where you really stand. The Analysis is the paid, binding first step of every project in the ANVIL system – the honest stocktake of code, architecture, infrastructure, and compliance. Its result: an audit report, a prioritized roadmap, and a dependable cost plan. The fee is credited in full toward the fixed-price engagement. The entry point is always the free intro conversation.

4 of 4

entry paths begin with the Analysis – the paid first step of every project

From €36,000

fixed price for the complete engagement; the Analysis fee is credited in full

45%

of AI-generated code contains security vulnerabilities (Veracode 2025)

€3.87M

average cost of a data breach in Germany (IBM 2025)

Why every project begins with the Analysis

No honest Analysis → every investment is flying blind. That's exactly why the Analysis stands at the start of every engagement. Going into delivery without a dependable stocktake means building on assumptions instead of facts – and assumptions are expensive. According to IBM (2025), the average cost of a data breach in Germany is €3.87M. IBM: Cost of a Data Breach Report 2025

The Analysis is not an optional service and not a mere PDF audit you file away in a drawer. It's the binding first step that sets the shortest path into production – and that makes the commercial risk of every step that follows plannable.

What the Analysis delivers

That's why: we review what already exists and translate the findings into three dependable deliverables:

Audit report: the state of your code, architecture, infrastructure, and compliance. We name security vulnerabilities, architectural weaknesses, and bottlenecks concretely. According to Veracode, 45% of AI-generated code contains security vulnerabilities; a CodeRabbit analysis of 470 pull requests found up to 2.74x more security issues in AI code than in purely human-written code. Veracode: GenAI Code Security Report 2025 CodeRabbit: State of AI vs. Human Code Generation Report
Prioritized roadmap: what has to happen, and in what order, for your system to hold up in production? Not a wish list, but the shortest path to the goal.
Dependable cost plan: a realistic order of magnitude for the entire engagement – no surprises, no hidden hourly rates.

Your prototype is the most precise spec

If you bring a prototype with you, that's a genuine head start. A working prototype shows more precisely than any requirements document or requirements workshop what you really need – it saves weeks of specification work. That initiative is the foundation we build on.

Our approach is deliberately AI-positive: AI delivers the pace, senior expertise delivers the hardening. The Analysis is never aimed at your work, but at the risks that arise under time pressure. Industry-wide studies show how real those risks are: Escape.tech found more than 2,000 vulnerabilities across 5,600 vibe-coded applications. Escape.tech: Vulnerabilities in Vibe-Coded Apps (2025) These are exactly the gaps the Analysis makes visible – before they reach production. For what that looks like in practice, see our guide to technical due diligence.

For all four entry paths, the journey begins here

Whatever already exists – every path starts with the Analysis:

Idea: you don't have any code yet. The Analysis clarifies feasibility, target architecture, and cost frame before moving on to New Design.
Concept or design: you have mockups or a specification. The Analysis leads straight into Validation – your prototype, the one that lasts.
Prototype: you've built something that works. The Analysis sets the path into Implementation & Hardening, where your prototype becomes your MVP.
Existing platform: your platform is running but insecure, not scalable, or not sovereign. The Analysis prioritizes hardening and launch & operations on EU infrastructure.

However different the starting point, the Analysis ensures that every path starts on facts rather than guesswork.

How the Analysis works

Free intro conversation: in 30 minutes we get to know your project and place your entry path – no obligation.
Commission the Analysis: you commission the Analysis as the first step of the engagement. We get access to your repository and the context we need.
Take stock: we review code, architecture, infrastructure, and compliance. That includes an assessment of GDPR, NIS2, and CLOUD Act exposure – since December 2025, NIS2 has required documented cybersecurity measures from around 29,500 German companies. BSI: NIS2 Implementation in Germany
Audit report, roadmap, and cost plan: you receive the three deliverables – the Analysis fee is credited toward the fixed-price engagement.

For details on the regulatory requirements, see our pages on the NIS2 obligations and the GDPR vendor audit.

The fee is credited

At AnvilStack there's no tariff jungle and no tiers, but exactly one offering: the ANVIL system as a fixed-price engagement from €36,000, from the Analysis through to a production-ready, EU-sovereign system. The Analysis is the paid first step of this engagement – and its fee is credited in full. So you don't pay for it on top; you pay it as the first part of the overall service.

The free entry point is always the intro conversation. If the Analysis shows that your project needs a smaller scope than the full engagement, we tell you so honestly. That way your risk stays manageable from the very first contact.

Outcome: deciding on the basis of facts

Outcome: you decide on the basis of facts, not hope. You know where you stand, which risks are real, and what the path into production costs. From that clarity follows the next step in the ANVIL system – New Design, or straight into Implementation & Hardening, depending on your starting point.

Send us a short description of your project. We'll get back to you within 24 hours and arrange the free intro conversation, in which we clarify your entry path and the scope of the Analysis.

Frequently asked questions

What does the Analysis cost at AnvilStack?

The Analysis is the paid, binding first step of every project – not a free service. Its fee is credited in full toward the fixed-price engagement (from €36,000). So you don't pay for the Analysis on top; you pay it as the first part of the overall service. The concrete scope is set in the free intro conversation.

Is the Analysis really mandatory?

Yes. Every project begins with the Analysis – whether you start with an idea, a concept, a prototype, or an existing platform. Without an honest stocktake, any investment would be flying blind. The Analysis creates the foundation of facts on which all the steps that follow are built.

What do I receive at the end of the Analysis?

Three dependable deliverables: an audit report on the state of your code, architecture, infrastructure, and compliance; a prioritized roadmap with the shortest path into production; and a dependable cost plan. With those, you decide on the basis of facts, not hope.

How do I get started?

With the free intro conversation. In 30 minutes we get to know your project, place your entry path, and clarify the scope of the Analysis. The intro conversation is without obligation – only afterward do you decide whether to commission the Analysis.

What happens to my code during the Analysis?

We treat your code in strict confidence. Repository access is used solely for the Analysis and removed once it is complete. On request, we sign a non-disclosure agreement (NDA) beforehand.

Do I need the Analysis if I only have an AI prototype?

Especially then. According to Veracode (2025), 45% of AI-generated code contains security vulnerabilities. The Analysis makes these risks visible and translates your prototype into a prioritized roadmap – before you invest in the wrong direction. And your prototype is the most precise spec there is.