Differentiation — AI-Agent Risk, Not Cyber Risk
The headline move: don’t fight Protos Labs on cyber risk — that’s a mature, ten-year-tenure game where they (ex-Booz Allen threat-intel operators, Lloyd’s Lab, CSA-backed, patented) have pedigree we don’t. Win the new ground: the financial risk that AI agents create. It’s a 2024-onward category where no one has a decade, and where our actual edges — we build AI agents, we quantify financial risk, and we do real data engineering — are decisive. Cyber is one input to that risk, not the category.
This answers both “how do we differentiate from Protos?” and the sharper question — how to emphasize the risk bought by new AI agents over cyber risk, when the team doesn’t have ten years in cyber. Same answer: change the category; don’t out-tenure them in theirs.
Who Protos actually is (no strawman)
Protos has pivoted — twice. Respect the current shape, not the old one:
- Then (“Nexus”): cyber risk quantification — dollar loss (AAL/EML) sold to insurers to price cyber policies; Singapore’s first fast-tracked cyber patents. (background)
- Now (“Protos AI”, launched RSA 2026): an agentic AI investigation platform — “the intelligence platform for adversarial risk” — agents that augment CTI / fraud / supply-chain analysts across the investigation lifecycle, producing an investigation conclusion (the actor, the infrastructure), not a price. (launch)
- Also (“Protos Cover”, a 2024 subsidiary): a licensed cyber-insurance agency selling SME / mid-market cyber cover in Singapore (expanding to MY / AU / TH), bundling Protos AI as a value-add. So they have already climbed Intelligence → distribution of cover — for cyber, on (agency) carrier paper, without holding the balance sheet. (protoscover.com.sg)
- Founders: ex-Booz Allen Hamilton cybersecurity practice, intel-agency / OT-ISAC lineage — threat-intelligence practitioners, not actuaries and not (primarily) data/ML builders.
- Tech: a curated OSINT marketplace + model-agnostic orchestration of off-the-shelf LLMs (Azure OpenAI / Anthropic / Gemini) + a knowledge graph. The value is the investigation workflow, not an owned data substrate.
- Stage: seed (~US$2–3M, 2023), small team, mid-pivot — carrying both an insurtech heritage and a new agentic-investigation product.
Respect, don’t strawman: genuine CTI / national-security credibility, real Lloyd’s Lab / CSA / FWD validation, patents, an Asia-data angle, and a timely agentic + multi-LLM + freemium play. On cyber-threat investigation, they are strong — so we don’t play there.
The reframe: peril, not tool — and why our missing cyber decade doesn’t matter
Two one-line businesses, and they are not the same:
| Protos | Us | |
|---|---|---|
| AI is the… | tool — agents that investigate adversaries | subject — we price/transfer the risk agents create |
| Core question | Who is attacking, and how? | What could our own AI agents cost us — and how do we bound it? |
| Risk type | Adversarial (an attacker exists) | Mostly intrinsic / operational (no attacker) |
| Maturity | Cyber — ~a decade of tenure | AI-agent risk — net-new (2024+), zero tenure for anyone |
Why this neutralizes the tenure gap. Cyber risk rewards a decade of threat-intel scar tissue — which we don’t have and won’t fake. AI-agent risk is a different, newer category. The expertise it rewards is building and operating AI agents (we do — Meerkat, Contextful, the pipeline itself) and quantifying financial exposure (our financial-risk depth) — not cyber pedigree. In a new category, tenure in the old one can even be baggage: a CTI / “adversarial-risk” lens mis-frames agent risk, most of which has no adversary —
| AI-agent loss | Adversary? | Right lens |
|---|---|---|
| Model drift / hallucination causes a bad action | No | Operations / ML engineering |
| AI-provider outage → SLA-credit liability | No | Reliability + financial exposure |
| Autonomous agent moves money wrongly | No | Controls + financial risk |
| Prompt injection / poisoned MCP tool | Yes | Cyber (one input) |
Only the last row is “cyber.” The rest is operational + financial-risk engineering — our turf, not a threat-investigator’s. We don’t have ten years fighting hackers; we have depth building the agents that are now the risk.
Differentiation by axis
| Axis | Protos | Us — and why it holds |
|---|---|---|
| Lens | Defender / investigator (CTI, CISO-adjacent) | Builder / operator (CTO) — we know agent failure modes white-box because we ship them |
| Category | Cyber / adversarial-risk investigation | AI-agent financial-risk quantification & transfer |
| Financial risk | Sells conventional SME cyber cover (Protos Cover agency) + fraud investigation; not novel financial-risk modeling/transfer for the AI peril | Deep & owned — $ exposure, parametric triggers, loss modeling, risk-transfer, trading Rung 0, ILS tail |
| Data | Curated OSINT + orchestrate 3rd-party LLMs + knowledge graph | Owned real-time data engineering — independent probes (proprietary signal, not scraped), dependency/exposure graph, durable pipeline, first-party Meerkat telemetry, local-first (Contextful) |
| Output | An investigation conclusion (actor, infra) | A priced, tradeable, insurable financial exposure (the dollars + the hedge/cover) |
| Monetization | Enterprise SaaS | Sell the signal + trade it + attach cover + showcase fund |
| Distribution | Analyst-facing freemium | Developer / agent-native (API, SDK, MCP, insure(action)) + PLG |
White space (confirmed, not assumed)
Things Protos vacated or never entered, on the evidence:
- Financial-loss quantification — they walked away from dollar CRQ toward investigation. (Their fraud / supply-chain work is adversary investigation, not financial-exposure pricing — and their “supply chain” is compromised-vendor risk, not provider-reliability risk.)
- AI-agent / AI-system risk as the insured peril — they use agents (and Protos Cover insures cyber); neither models or transfers the risk of agents.
- Novel AI-peril risk-transfer — Protos Cover sells conventional SME cyber policies (agency); there is no parametric AI-provider-down / agent-liability cover, trading, or ILS.
- Owned data substrate + local-first-by-design — they integrate feeds and deploy flexibly; neither is a designed data-engineering moat.
Honest risks of this positioning
- If the buyer frames the problem as “cyber,” Protos wins. Hold the AI-agent financial-risk frame; on their frame we lose. Anchor every pitch to a non-cyber dollar pain (provider-down SLA credits, agent-liability loss).
- New category = education burden + smaller near-term budgets. Lead with a concrete, present dollar exposure, not a category lecture.
- Neither of us is insurance-native — that gap is a wash, but Protos has more carrier validation today. Our financial-quant framing helps; it is not a substitute for carrier relationships (beachhead-execution §3).
- Breadth is a focus risk. “Financial + data-eng + agent-native” must collapse to one wedge first: AI-provider-down financial exposure or agent-liability $ quantification.
- Don’t fight Protos Cover in its lane. SME cyber insurance distribution in Singapore is theirs — licensed, CSA-recognized, a head start. Win by the peril (AI-agent, not cyber), the buyer (AI-native companies + carriers + CFO/treasury, not SMEs buying cyber policies), and financial depth — and treat Protos Cover as the template proving the Singapore tech→cover path works.
Strengthening our profile & execution power
Protos didn’t win on pedigree alone — they converted it: ex-Booz Allen credibility → Lloyd’s Lab + CSA grant + FWD + patents → a licensed cover subsidiary (Protos Cover) with carrier relationships. That is real profile (standing to be believed) and execution power (licence, capacity, distribution). We don’t match it by out-cybering them — we build the equivalents in our category, and we leapfrog on the dimension neither of us owns.
Profile — the standing to be believed
| Protos has | We build the equivalent — in AI-agent financial risk |
|---|---|
| Cyber-insurance guides + CSA / Lloyd’s badges | Own the new category in public — the canonical “AI-agent financial-risk” thesis, operationalize IMDA’s agentic MGF, publish a public AI-uptime / incident index (the oracle as a cited public good — also answers the #18 oracle-integrity question), and a calibration / Brier track record from trading Rung 0 — an unfakeable credential Protos has no equivalent of |
| Lloyd’s Lab · CSA · FWD · AI Verify | The same badges, our lane — Lloyd’s Lab C17 (themes fit AI-agent / systemic), the IMDA AI-Assurance Sandbox (public co-branded proof), AI Verify accreditation, CSA recognition |
| Insurer relationships (Protos Cover) | Carrier validation as the credential — a data-feed pilot where our score sorts a carrier’s real losses; one non-scanning carrier is enough |
| (a gap they also have) | Close the insurance-native gap deliberately — a fractional underwriting / actuarial advisor (or FRM, per Expertise). The single most leveraged move, because it’s a gap Protos shares — closing it leapfrogs them where neither leads |
| Nexus / Protos AI / Protos Cover brand | Builder credibility, made visible — open-source the probe client + Meerkat cage (OpenHackersClub), speak the SG circuit, name a crisp flagship; our CTO / builder story is our native profile |
Execution power — ship, reach, transact, outpace
- Rent the capital; don’t get licensed. Protos took the heavy, regulated path (a licensed agency). We deliberately don’t — for the eventual AI-peril attach we rent capacity from a carrier / coverholder (the #18 “never the balance sheet” line). Lighter, faster, and it sidesteps the regulatory-ops weight — execution power by leverage, not licensing.
- Fund it without dilution. The FDE / services engine pays for the build (one engagement funds a hire — Sales Channels); layer CSA CyberCall / Startup SG Tech + compute credits. Clear the SG-residency / cap-table gate early — it’s what unlocks the big non-dilutive cheques.
- Distribute agent-native, not via a sales force. API / SDK / MCP + PLG self-serve to AI-native companies, OpenHackersClub community, and the home-turf carrier calendar (ITC Asia / SIRC / SICW / SFF) — cheaper and faster than an enterprise-agency motion.
- Use speed as the weapon. The agentic pipeline + FDE harness let a 3-engineer team out-execute on data / synthesis; ship the probe fleet + score on the 90-day plan, and trade the signal at Rung 0 for immediate feedback and revenue.
- Pick the track to the threat. Bootstrap vs VC is chosen at the proof point — but Protos Cover going live is exactly the “incumbent is moving” signal that tilts toward the VC track if this is a land-grab: raise to hire data + distribution ahead of revenue and win the new peril before Protos extends into it.
- Compound the moats only we have — first-party Meerkat telemetry (a signal no OSINT-integrator gets) and local-first (Contextful) for regulated-finance data residency.
The one strategic read: Protos Cover proves the Singapore tech→cover path works (de-risking ours) and signals an incumbent extending its footprint. So execution must be fast on the new peril — stand up profile (badges + a public track record) and a carrier pilot before Protos, or a hyperscaler, stretches cyber cover toward AI-agent risk.
Usable positioning lines
- “Protos investigates adversaries faster. We price and transfer the new financial risk your AI agents create.”
- “Cyber asks who’s attacking you. We ask what your own agents could cost you — and bound it.”
- “We don’t have ten years fighting hackers. We have depth building the AI agents that are now the risk — and the financial-risk engineering to price them.”
Bottom line
Protos owns cyber-threat investigation and SME cyber-cover distribution (Protos Cover) — concede both. Our ground is the financial risk AI agents create: newer, un-tenured, and squarely on our edges — a builder/operator (CTO) lens, deep financial-risk quantification, and owned data engineering, with first-party agent telemetry no OSINT-integrator has. Lead with a dollar-denominated AI-agent exposure (provider-down, agent-liability), hold the category line, and let the execution roadmap and the Map & Route thesis carry the rest.
Different competitor, different reframe. This doc is the cyber → AI-agent reframe vs Protos Labs. For AIUC — the closest comparable to our whole model (audit-based AIUC-1 certification + insurance = enterprise “confidence infrastructure”) — the reframe is enterprise audit → SMB programmable assurance, developed in Adoption Guarantee § AIUC.
See also Beachhead — Agentic AI-Risk Intelligence, Beachhead Execution, AI & Cyber-Risk Strategy — Map & Route, Adoption Guarantee, and Trading AI & Cyber Risk.