Run your own memo
Real deck · identifier withheldPublished 2026-05-16

Enterprise AI / Cybersecurity Seed, pre-revenue circa 2026

At a glance

General Verdict

Pass: technically credible, commercially unbuilt at seed.

Verdict

Pass: technically credible, commercially unbuilt

Thesis

AI-native pentesting wedge into air-gapped government

Moat

Air-gap architecture, unshipped, not yet a moat

Biggest risk

Zero revenue, [$range] valuation, unicorn competitors funded

Next step

Request signed contracts before any check

General verdictHigh confidence · facts cross-checked across deck, web, and risk passes · fund-agnostic

Pass

Pass: technically credible, commercially unbuilt at seed.

  • Thesis hook: AI-native air-gap pentesting is a genuine structural wedge into classified government markets, DORA, PCI DSS 4.0, and the pentester talent shortage create a real demand floor [1];
  • Signal evidence: #1 XBOW benchmark is a real technical signal; [$range]/mo burn is top-decile capital efficiency; but zero disclosed revenue and a [$range] post-money valuation with 15+ partners of unknown contract status make this a narrative bet
  • Decision posture: the air-gap moat is the thesis; it is not shipped; three unicorn-class competitors are accelerating; the case-for-investing has not been made on current information

Thesis

Autonomous pentesting platform targeting air-gapped government markets

Benchmark #1, zero revenue, [$range] valuation unsupported

TAM

[$range]–[$range] global pentesting market (web)

Stage

Seed, pre-revenue

Sector

Enterprise AI / Cybersecurity

Key strength

Verified #1 XBOW benchmark; hacker-founder with prior exit

Key risk

No disclosed revenue; [$range]+ funded competitors accelerating

General verdict

RatingPassHigh confidence · facts cross-checked across deck, web, and risk passes

Biggest risk

The [$range] post-money valuation is entirely unsupported by disclosed revenue, and the air-gap architecture, the only structurally durable moat. Is explicitly 'in progress' while three unicorn-class competitors with [$range]+, [$range], and [$range] raised respectively accelerate enterprise distribution.

Best reason

[founder]'s championship-level hacking credentials combined with a verified #1 XBOW benchmark ranking at [$range]/mo burn is the rarest founder-technical signal in autonomous security, a team outperforming [$range]-funded XBOW on XBOW's own harness before the air-gap model is even complete.

Would change mind

The verdict moves to Conditional if [redacted] discloses at least three signed paying contracts with dollar values, delivers the air-gap proprietary model into production, and resets the valuation to evidence, specifically sub-[$range] post-money until ARR is anchored.

Investment thesis

The thesis is structurally correct, AI-native autonomous pentesting with air-gap capability is a real wedge into classified government markets that frontier-API-dependent competitors cannot enter. The execution is not yet there.

  • Regulatory forcing function is real: DORA (in force January 17, 2025) mandates TLPT for EU financial entities every three years [1]; PCI DSS 4.0 fully enforceable March 31, 2025, these create a structural demand floor for continuous pentesting that did not exist at this scale before 2025
  • Founder-market fit is genuine: [founder]'s combination of championship-level offensive hacking, prior consumer exit (Hackuna, 3M+ users), and enterprise ethical hacking at PUMA Germany [2]-[founder]-8080a0b8] is nearly unreplicable in this category
  • Air-gap moat is the non-consensus insight: XBOW, Pentera, and Horizon3.ai are all structurally locked into frontier LLM APIs. They cannot operate in SCIF/IL5 environments regardless of capital deployed. If [redacted] ships the proprietary model, this is a real structural wedge
  • The moat is not yet real: air-gap architecture is 'in progress' ; the thesis depends on a technical milestone that has not been achieved

The strongest counter-argument for investing

The benchmark #1 ranking at [$range]/mo burn suggests the underlying AI architecture is genuinely superior. A team that outperforms [$range]-funded XBOW on XBOW's own harness before shipping the air-gap model may be 12 months from a defensible moat. The counter-counter: benchmark parity is a 6-month engineering sprint for a well-funded competitor; the moat only materializes when the proprietary model is in production and FedRAMP certification is in hand. Neither is true today.

GP summary

This is pre-revenue seed-stage cybersecurity, not institutional-ready.

Key factors

  • · Zero disclosed revenue with a [$range] post-money valuation , the valuation is benchmark-driven, not traction-driven, and is indefensible at Series A without a revenue anchor
  • · Air-gap architecture is the thesis and it is not shipped , the primary structural differentiator is a roadmap item, not a live product feature
  • · Three unicorn-class competitors (XBOW [$range]+, Pentera [$range], Horizon3.ai [$range]) are accelerating enterprise distribution simultaneously while [redacted] closes SAFEs at [$range]

Recommended next steps

  1. 01Request executed contracts or LOIs with dollar values for the top 3 named partners from deck, this is the single data point that determines whether the [$range] valuation is defensible or not.
  2. 02Request a live red-team demonstration of the Zeus platform against a production-equivalent enterprise environment with an active defender, not a benchmark harness replay. To validate that the #1 XBOW ranking translates to real-world effectiveness.
  3. 03Request the miruvor.ai partnership agreement and a technical milestone roadmap for the air-gap proprietary model, including target performance benchmarks relative to Claude/GPT-4o on novel exploit chain generation.
  4. 04Engage ITAR/EAR export counsel independently to assess whether Phase 3 'Hades' sovereign offensive capability constitutes a controlled munition, do not rely on founder's legal analysis for this determination.
  5. 05Request a full cost structure breakdown reconciling the [$range]/mo burn claim against headcount, compensation, infrastructure, and contractor costs, and verify [founder]' prior exit details and [founder]'s credentials directly.

Executive Summary

Pass: technically credible, commercially unbuilt at seed.

01

Why now

DORA (effective January 17, 2025) mandates threat-led penetration testing for EU financial entities [1], and NIS2 (transposition deadline October 2024, compliance window through October 2026) creates a risk-based expectation of continuous security testing across critical infrastructure sectors. Together, these two EU frameworks formalize pentesting as a compliance gate for thousands of organizations, converting a discretionary security spend into a mandatory line item and creating durable, recurring demand for continuous automated testing platforms.

Supporting tailwinds

  • AI-generated code explosion, AI coding tools are shipping millions of lines of code weekly, expanding attack surfaces faster than human pentesters can test them; autonomous testing is the only scalable response.
  • Offensive security talent shortage, ISC2 found 95% of organizations report cybersecurity staffing gaps, with offensive testing roles the hardest to fill; autonomous platforms are the structural substitute.
  • PTaaS CAGR of ~29% (2025–2030) signals buyer willingness to shift from periodic manual engagements to continuous subscription models, the exact motion [redacted] is selling.
  • Benchmark validation, [redacted]'s 92.3% XBOW Black-Box Benchmark score, achieved within weeks of launch, provides a credible technical proof-of-concept that accelerates enterprise conversations.
  • Federal market opening, Horizon3.ai's FedRAMP authorization [5] proves the government buyer segment is real and accessible; [redacted]'s air-gap architecture positions it for the higher-classification IL5 tier that Horizon3.ai does not yet serve.

Headwinds

  • Incumbent capital advantage, XBOW ([$range]+), Pentera ([$range]), and Horizon3.ai ([$range]) can outspend [redacted] on sales, engineering, and marketing by orders of magnitude; a benchmark lead does not survive a sustained resource war.
  • Air-gap architecture not yet shipped, the proprietary model enabling SCIF/IL5 operation is 'in progress' ; until it ships, the most defensible moat claim is aspirational.
  • Zero disclosed revenue, the deck shows 15+ named partners (current state, two weeks post-launch ) but no contract values, ARR, or MRR; commercial traction is unproven.
  • Phase 3 regulatory and ethical risk, 'Hades: sovereign-grade autonomous offensive capability' raises national security, export control, and liability questions that are unaddressed in the deck and could complicate fundraising and enterprise sales.
  • Enterprise sales cycle mismatch, [redacted]'s current team has deep hacking expertise but limited enterprise SaaS sales experience; [founder]' prior GTM exit details are undisclosed , making it difficult to assess commercial execution capability.

Timing risk.[redacted] is entering at the right moment in the regulatory cycle but risks being too early on the air-gap moat (proprietary model not yet shipped ) and too late on the commercial market (XBOW, Pentera, and Horizon3.ai have multi-year head starts and hundreds of millions in capital to defend their positions).

02

Company & product

Value proposition

Continuous autonomous hacking replacing periodic manual pentesting

Business model

SaaS subscription; replaces [$range]–[$range] per-engagement pentesting

Funding

[$range] SAFEs closed; [$range]+ interested; [$range] target

[$range] (deck p.13: '[$range] raise' noted in competitive landscape; current SAFEs [$range] + interested investors [$range]+ noted on ask slide) · Seed round, [$range] at [$range] post-money valuation (deck p.13)

Founding arc

[founder], a hacker since childhood (Philippine Hacker Games Champion 2015 & 2017, book author, built Hackuna with 1M+ users, first exit), worked as an ethical hacker in Germany protecting major global brands. Realized that building an autonomous system that hacks continuously, never sleeps, and neutralizes threats at scale is more powerful than being Batman himself. Founded [redacted] to replace slow, periodic pentesting with AI-native continuous hacking.

Team (3)

[founder]

Founder & CEO

1x startup exit (Hackuna, 1M+ users); Philippine Hacker Games Champion 2015 & 2017; authored hacker book; worked as ethical hacker in Germany protecting major global brands; featured in 50+ media outlets worldwide.

FitDeep domain expertise in hacking and security; proven ability to build and exit a consumer product at scale; direct experience protecting enterprise infrastructure; championship-level hacking credentials position him to build the most advanced autonomous pentesting system.

[founder]

Co-Founder & COO

Exited a GTM company; B2B sales and go-to-market expert.

FitGTM expertise and prior exit experience provide commercial execution capability to scale Phase 1 revenue and navigate enterprise sales cycles.

[founder]

Co-Founder & CTO

Masters in AI Engineering (US); TAMUhackX 1st Place; 3x SalesForce Certified; tech and AI lead.

FitAI engineering background and hackathon credentials position him to architect the AI-native autonomous hacking engine; SalesForce certification suggests enterprise software experience.

Additional team: Marx Del Mundo (Chief Hacking Officer), one of few people with CWEE (one of hardest web hacking certifications), bug bounty hunter. Patricia Lorenzo (Chief Financial Officer), accounting, taxes, bookkeeping, manages contractor engineers in Philippines. Strategic partnership with miruvor.ai for Phase 3 proprietary model. Contractor engineers from Philippines supporting product development. Advisory board includes Georgia Weidman (author of Penetration Testing, 15yrs+ hacking), Brian Harris (founder Covert Access Team, 15yrs+ hacking), Oliver Brown (founder CC Labs, 20yrs+ hacking), Slavi Parpulev (HackTheBox content author), Bo Nam (multiple exit founder SF), Moritz Letzner (multiple exit founder Austria).

Traction

Users / customers15+ named partners and clients globally (current state, two weeks after launch, deck p.6): Aseel|DoGood, CyberTrap, SQLSpreads, Humadroid, Texterous, VisaWire.ai, Omium, Bloque, Reveel, Bigicust, Armin, Glacier, Layest, In Case Of, Codara. PUMA noted as first large enterprise currently in talks.
  • · #1 ranking on XBOW Black-Box Benchmark (verified, third-party validated)
  • · Also ranked #1 in JS, DVWA, crAPI, c{API}tal, and Bounty Benchmark
  • · [$range]/mo burn vs. $5-10M/mo competitors

Product

Phase 1 (Zeus): Autonomous continuous penetration testing platform. User chats what they want hacked (Step 1), watches the AI hacker agent execute attacks in real-time (Step 2), receives detailed report with proof-of-concept, fixes, and remediation guidance (Step 3). Covers web, API, network, and Active Directory attack surfaces. Operates 24/7 without human pentester involvement. Deck shows live example of agent discovering Resend API key in frontend JavaScript, sending phishing emails from client's own domain, and escalating to super-admin, demonstrating autonomous multi-step exploitation.

AI-native architecture independent of frontier LLM APIs (Claude/GPT); built proprietary model to enable operation in air-gapped and classified (SCIF/IL5) environments. Competitors locked into Claude/GPT cannot operate in these contexts. Strategic partnership with miruvor.ai for Phase 3 proprietary model development. Full attack surface coverage: web + network + OSINT in single platform (competitors focus narrowly on web or network only).

Platform vs. pointPlatform play. Phase 1 (Zeus) is a continuous pentesting platform covering web/API/network/AD. Roadmap shows expansion to Phase 2 (Poseidon: IoT/OT/firmware/drones/robots) and Phase 3 (Hades: sovereign-grade autonomous offensive capability). Deck frames Phase 1 ARR as funding the wedge that makes Phases 2 & 3 inevitable, suggesting a multi-phase platform expansion strategy.

03

Market & competition

Market sizing

TAM[$range]–[$range] (2025)Global penetration testing market, encompassing all delivery models (manual engagements, PTaaS, automated platforms) across all geographies and verticals. The deck does not state a TAM figure; this range is derived from web research. Multiple sources converge on a 2025 base of [$range]–[$range], with the spread reflecting differing scope definitions (services-only vs. software + services). The autonomous/AI-native sub-segment that [redacted] directly addresses is a fraction of this total, estimated at 15–25% of the overall market based on PTaaS growth rates.
SAM[$range]–[$range] (2025, estimate)AI-native and automated continuous pentesting platforms sold to enterprises and mid-market organizations in North America and Europe, the geographies [redacted] can realistically reach in Phase 1. North America commands ~38–42% of the global market [3]; Europe adds ~25%. Applying those shares to the TAM and then narrowing to the automated/AI-native segment (estimated 15–25% of total spend) yields a SAM of roughly [$range]–[$range]. The deck does not disclose a SAM figure; this is a chain estimate (derived).
SOM[$range]–[$range] ARR (3–5 year horizon, estimate)Realistic revenue capture for [redacted] over a 3–5 year window, assuming successful Phase 1 commercialization. At a [$range] post-money seed valuation , investors are implicitly pricing a 10–20x revenue multiple at exit, implying a target ARR of [$range]–[$range] at the current stage and [$range]–[$range] at Series A/B scale. This is consistent with the company's stated goal of multiplying revenue by 100x from a near-zero base . The SOM is highly sensitive to enterprise sales cycle length and whether [redacted] can convert its current 15+ named partners (current state, two weeks post-launch ) into paying contracts.
Methodology + caveats

Deck is silent on TAM/SAM/SOM, no market sizing figures appear in the deck. All numbers above are web-research-derived or chain estimates. The TAM figures from third-party research firms (Straits Research, Fortune Business Insights, Mordor Intelligence) are directionally consistent but vary by 25–40% depending on scope definition; treat the [$range]–[$range] range as a reasonable 2025 anchor, not a precise figure. Key caveat: the autonomous pentesting sub-segment [redacted] competes in is far smaller than the total penetration testing market. The majority of spend still flows to manual consulting engagements (services segment held 58.5% share in 2025). [redacted]'s addressable opportunity is the automated/PTaaS slice, which is growing fastest but remains a minority of total market spend. PTaaS CAGR of ~29% is the most relevant growth signal for [redacted]'s business model. The [$range]–[$range] per engagement traditional pentesting price point is the cost structure [redacted] is disrupting. The substitution dynamic is real but the conversion timeline is uncertain. Name collision note: no disambiguation needed; [redacted] is a unique name with no major collision.

Market analysis

The global penetration testing market is [[[$range]–[$range]]] in 2025 [3], growing at 12–20% CAGR; the PTaaS sub-segment accelerates at ~29% CAGR, the fastest-growing delivery model.

Competitive analysis

Three unicorn-class competitors dominate the autonomous pentesting market; [redacted]'s only durable differentiation is the air-gap architecture, which is not yet shipped.

XBOWDirect
Strength.Founder pedigree (GitHub Copilot creator), [$range]+ total raised, 100+ live customers, unicorn valuation, Samsung as reseller in South Korea.Gap.Dependent on frontier LLM APIs; cannot operate in air-gapped or classified (SCIF/IL5) environments, a structural gap [redacted] claims to address .
Funding / scale.[$range]+ total raised; Series C at [$range]+ valuation (2026) [4]
PenteraDirect
Strength.1,100+ live enterprise customers, [$range] ARR trajectory, 10-year market presence, agentless architecture safe for production deployment.Gap.Focused on network/internal attack surface; less coverage of web application and API attack surfaces that [redacted] targets; not AI-native from the ground up.
Funding / scale.[$range] total raised; [$range]+ valuation; ~1,100 customers; ~400 employees [5]
Horizon3.aiDirect
Strength.FedRAMP-authorized (live credential), 3,000+ customers, former Special Operations founders with federal relationships, NSA CAPT program participant.Gap.Network-centric architecture; web application pentesting is an announced expansion, not a shipped core capability; less AI-native than [redacted] claims to be.
Funding / scale.[$range] total raised; [$range] Series D (June 2025); 3,000+ customers
Rapid7Incumbent
Strength.Broad enterprise installed base, integrated platform (vuln mgmt + detection + pentesting), public company credibility for procurement.Gap.Not autonomous-native; pentesting is an add-on to a broader platform, not a core product; slower to innovate than pure-play autonomous startups.
Funding / scale.Public company (NASDAQ: RPD); buyout interest at ~[$range] valuation (October 2024)
HackerOneAdjacent
Strength.Large researcher community, brand recognition, hybrid human+AI model provides depth for complex vulnerabilities.Gap.Human-dependent model limits 24/7 continuous coverage; cannot operate in air-gapped environments; higher cost structure than fully autonomous platforms.
Funding / scale.Private; total funding not confirmed via primary source in this search loop, omitted per THIRD-PARTY ENTITY VERIFICATION rule.

Moat assessment

Primary competition. Other funded startups, XBOW, Pentera, and Horizon3.ai are the direct autonomous pentesting competitors, all significantly better-capitalized than [redacted] at this stage.

Durability. Air-gap architecture is the only claim with multi-year durability, classified government buyers have long procurement cycles and high switching costs once a vendor achieves FedRAMP IL5 authorization. The benchmark lead is fragile: XBOW has [$range]+ to close it. Capital efficiency is temporary. The moat window is 12–24 months before well-funded competitors replicate the air-gap capability or acquire a solution.

04

Metric benchmarks

Claim[$range]/mo burn rate vs. $5-10M/mo for competitors (deck)

Industry benchmark

Seed-stage enterprise SaaS companies typically burn [$range]-[$range]/mo (OpenView SaaS Benchmarks 2024). Security AI companies with active R&D typically run higher.

No comparable scale (non-percentage metric)

Assessment · weak

Suspicious without a cost breakdown. [$range]/mo implies fewer than 2 full-time US-based engineers at market rates. The Philippines contractor model makes this plausible but unverified, the deck discloses no headcount or infrastructure cost structure.

Claim#1 ranking on XBOW Black-Box Benchmark (deck)

Industry benchmark

XBOW is the primary third-party autonomous pentesting benchmark in the industry; top ranking is a meaningful signal. No prior seed-stage company has held this position publicly.

No comparable scale (non-percentage metric)

Assessment · strong

Credible as a technical signal, limited as a commercial signal. Third-party validation is real , but XBOW tests against known CTF-style targets. Production effectiveness against hardened enterprise environments with active defenders is a separate, unvalidated question.

Claim[$range] post-money valuation at seed (deck)

Industry benchmark

Median seed post-money valuation in enterprise SaaS was $12-18M in 2024 (Carta State of Private Markets Q4 2024). AI-native security companies command a premium, but [$range] is top-quartile.

No comparable scale (non-percentage metric)

Assessment · moderate

Aspirational without revenue. Top-quartile seed valuations at [$range] are defensible for companies with [$range]+ ARR or a signed enterprise anchor. [redacted] has neither disclosed, the valuation is benchmark- and narrative-driven at this stage .

Claim15+ named partners two weeks post-launch (deck)

Industry benchmark

Enterprise SaaS companies at seed typically close 3-8 design partners in the first 90 days. 15+ in two weeks is above median but common in freemium or pilot-heavy GTM motions.

No comparable scale (non-percentage metric)

Assessment · strong

Credible as pipeline, unverified as revenue. The named list is specific and checkable, which is a positive signal. The absence of any contract value, payment status, or MRR figure means this metric cannot be benchmarked against commercial traction standards.

05

Risk assessment

Risk analysis

The dominant risk shape is valuation-without-revenue in a category where three unicorn-class competitors are accelerating simultaneously.

  • 3High severity
  • 2Medium severity
  1. 1

    Zero disclosed revenue at seed with [$range] post-money valuation

    HighExistential

    [redacted]'s [$range] post-money valuation is unsupported by any disclosed ARR, MRR, or contract value. The deck's use-of-funds line 'Multiplying the Revenue by 100 times' implies a near-zero revenue baseline, making the valuation entirely benchmark- and narrative-driven.

    Mitigant.Convert current 15+ named partners to paying contracts quickly; any disclosed ARR anchors the valuation before the next check.

  2. 2

    Well-funded incumbents can replicate benchmark performance with capital

    HighStructural

    XBOW ([$range] raised), Pentera ([$range]), and Horizon3 ([$range]) each outspend [redacted] by 25-80x. A single engineering sprint by any of these competitors could close the XBOW benchmark gap that [redacted]'s entire differentiation narrative rests on.

    Mitigant.Air-gap architecture and proprietary model create a technical moat competitors cannot replicate while locked into Claude/GPT APIs, but this moat is still in progress.

  3. 3

    Phase 3 'Hades' sovereign-grade offensive capability creates regulatory and legal exposure

    HighStructural

    Deck language describing Phase 3 as 'neutralizing high-level threats on the planet' implies autonomous offensive hacking at nation-state scale. This likely triggers Computer Fraud and Abuse Act (18 U.S.C. § 1030) constraints and export control review under the Export Administration Regulations (EAR), neither of which the deck addresses.

    Mitigant.Restrict Phase 3 to cleared government contractors operating under existing SCIF/IL5 frameworks ; engage export counsel before Phase 3 development begins.

Bull case What has to go right

Current 15+ partners must convert to paying contracts within 6 months ; air-gap proprietary model must ship before a well-funded competitor replicates it ; FedRAMP/IL5 groundwork must produce at least one government pilot within 18 months .

Bear case What could go wrong

Partners remain unpaid pilots, PUMA talks stall, and [redacted] raises a down round or bridge at a fraction of the [$range] post-money .

Failure modes the partner would catalogue

  1. 1

    XBOW retrains against its own benchmark harness within 12 months (it built the harness; it has [$range]+ to dedicate a sprint), erasing [redacted]'s #1 ranking before the air-gap model ships, leaving [redacted] with no differentiated moat and a [$range] valuation it cannot defend at Series A.

  2. 2

    The air-gap proprietary model (miruvor.ai partnership ) slips 18+ months due to frontier-model performance gaps; FedRAMP authorization consumes [$range]+ of the [$range] raise; Phase 1 revenue never scales past [$range] ARR; the company runs out of runway before the government wedge materializes.

  3. 3

    Phase 3 'Hades' sovereign offensive capability triggers EAR/ITAR export control review; the company is classified as a controlled munitions developer; enterprise buyers walk on liability concerns; the commercial market collapses before the government licensing pathway is resolved.

06

Diligence questions

Questions a VC would ask you. Prepare your answers.

  1. 01

    Of the 15+ named partners listed on deck, how many have signed contracts with disclosed dollar values, and what is the total contracted ARR? Please provide executed agreements or LOIs for the top 3 by contract value.

    Critical

    The use-of-funds line 'Multiplying the Revenue by 100 times' implies current revenue is negligible or zero. The entire [$range] post-money valuation rests on benchmark performance and a partner list of unknown commercial status. This is the single most critical data point before any check.

  2. 02

    What is the current status of the air-gap proprietary model development with miruvor.ai ? Provide a technical milestone roadmap with dates, the model architecture approach, and the performance benchmark target relative to frontier LLMs on pentesting tasks.

    Critical

    The air-gap architecture is the only structurally durable moat in this deck, XBOW, Pentera, and Horizon3.ai are all locked out of SCIF/IL5 environments by their frontier API dependencies. If this milestone slips or the proprietary model underperforms frontier LLMs, the thesis collapses. The moat window is 12–18 months before well-funded competitors build or acquire air-gap capability.

  3. 03

    What is the actual cost structure behind the [$range]/mo burn claim ? Provide a breakdown by headcount (with compensation), infrastructure, and contractor costs, specifically reconciling 5 named team members plus Philippine contractor engineers against a [$range]/mo total.

    Critical

    At [$range]/mo, [redacted] cannot be paying US-market salaries for any named team member. Either the burn excludes founder compensation, deferred salaries, or infrastructure costs, or the team is entirely contractor-based at Philippine rates. This matters for runway math and for understanding the true cost of scaling the team to enterprise sales capacity.

  4. 04

    Has [redacted] engaged ITAR/EAR export counsel regarding Phase 3 'Hades' sovereign-grade autonomous offensive capability ? What is the legal analysis on whether this capability constitutes a controlled munition under the Computer Fraud and Abuse Act (18 U.S.C. § 1030) or EAR/ITAR;?

    Critical

    Phase 3 language describing 'neutralizing high-level threats on the planet' implies autonomous offensive hacking at sovereign scale. If this capability requires a munitions license, the addressable market shrinks to a handful of government contractors and the commercial enterprise market Phase 1 targets becomes legally inaccessible. This is a verdict-level blocker if unresolved.

  5. 05

    What is [founder]' prior GTM exit, company name, exit value, acquirer, and timeline? And can [founder] provide a LinkedIn URL or verifiable credential for the Masters in AI Engineering and TAMUhackX 1st Place claim?

    Important

    [founder]'s exit claim is unverifiable from surfaced LinkedIn snippets-[founder]-434620158]; no company name or exit details appear. [founder] returned no LinkedIn match across 3,400+ profiles. Both are load-bearing team claims at a [$range] valuation, unverified founder credentials are a diligence gap, not a minor omission.

  6. 06

    What is [redacted]'s subscription pricing model, per seat, per scan, per asset, or flat annual fee? At what price point does continuous autonomous pentesting undercut the [$range]–[$range] per-engagement traditional model while covering infrastructure and model costs at scale?

    Important

    No pricing is disclosed anywhere in the deck [deck–13]. The SaaS subscription thesis requires a price point that beats per-engagement economics for the buyer while generating positive unit economics for [redacted]. Without pricing, LTV/CAC cannot be estimated and the revenue model is an assertion.

  7. 07

    The XBOW benchmark score of 92.3% vs. XBOW's 85% is founder-authored. Has this been independently audited or reproduced by a third party? Can [redacted] provide a live red-team demonstration against a production-equivalent enterprise environment with an active defender?

    Important

    The benchmark ranking is the primary technical signal in the deck and the anchor for the [$range] valuation. XBOW built the harness and has the capital to retrain against it. A live production demonstration against a hardened target would provide a harder real-world signal than a controlled test harness score.

  8. 08

    What is the FedRAMP/IL5 authorization timeline and budget within the [$range] raise ? FedRAMP authorization typically costs [$range]–[$range] and takes 12–24 months, how does this compete with Phase 1 product acceleration and revenue scaling as co-equal use-of-funds priorities?

    Useful

    Horizon3.ai already holds FedRAMP High status and NSA CAPT program participation, a direct first-mover disadvantage. If [redacted] cannot fund FedRAMP authorization within the [$range] raise while also scaling Phase 1 revenue, the government wedge thesis requires a Series A before the moat is established.

07

Sources

6 cited

founder-stated, from the pitch deck · numbered sources are independently verified third parties

  1. Pitch Deck (anonymized publisher, published 2026-05-16)(private; sign in to view)Founder-stated · figures self-reported by the company, not independently verified
  2. 1.
  3. 2.
  4. 3.
  5. 4.
  6. 5.

About this memo

Real analysis. Identity blacked out. Verdict has not edited the analytical content.

The publisher opted in to anonymize their memo for the gallery. Company name and founder names redact at render time; specific dollar amounts collapse to ranges. Sector, stage, market structure, risk assessment, and diligence questions stay intact. Verdict does not re-run analysis on published memos.

Spotted a redaction issue? info@useverdict.io

Run your own memo