Roadmap

The phased plan, the live shot pipeline (deals, grants, programmes, events), and the dated execution timelines — combined. Strategy and the flywheel live in Strategy.

12-month milestone ribbon

Q3 2026 (Jul–Sep) is a locked product-development block. Grant pursuit and most external pushes sit before or after it; the demo-ready gate on 2026-09-30 is the hinge for everything in Q4.

timeline
  title Critical Milestones (2026 Jun → 2027 Q1)
  2026 Jun : Company Formation : Positioning & deck : TIG ecosystem mapping : CISSP exam (Jun 16)
  2026 Q3 (locked) : Product dev sprint : AI Verify accreditation opens : RSAC SG / CyberSG Innovation Day
  2026 Q4 : Product demo-ready gate (Sep 30) : FI LOIs + CSA CyberCall : Apart fellowship application
  2027 Q1 : FSTI 4.0 prep : Google Accelerator cohort : Apart fellowship cohort

Personal / founder credential tracks (FRM, CMU MSIT, GDE, OWASP-PR) are not on this ribbon by design — CISSP is the only credential on the company critical path. The founder’s individual credential + growth timeline lives in Founder Credentials & Growth.

Also tracked: SPS / research fellowship application (work sample: harness engineering, gctrl, pentest + smart-contract) and academic workshop tracks (DLS, RAIID, agent-based AI) via the OSS → arXiv preprint → workshop pipeline.

Shots

The live pipeline — concrete attempts we’re actively taking against the opportunities: pitches, deals, grant submissions, programme applications. The execution timelines below are the dated view of these same shots.

GTM playbook — pitch as critical enterprise infrastructure, not “an AI startup.” Get embedded in the cybersecurity network via ICE71 and land a design partner (an enterprise willing to test the secure layer on their systems, even unpaid). Then use that design partner to apply for CSA CyberCall (up to S$1M) or Startup SG Tech (S$400k POC / S$800k POV) to fund the heavy backend engineering — and run through the IMDA GenAI Sandbox to come out “regulatory-assured.”

Grants

Non-dilutive funding. Detailed timing is in the fundraising timeline below; the funding model (revenue sharing) is in Strategy · Fundraising.

Default to non-dilutive — via non-equity partners, not first-time-founder schemes. Startup SG Founder / its Accredited Mentor Partners (AMPs) are first-time-founder only → out for us. Go non-dilutive through partners who take zero equity instead: an enterprise theme-owner for CSA CyberCall, an FI lead applicant for MAS FSTI, or a grant consultant on a success-fee (not equity). Every grant below is open to experienced founders — no first-time-founder gate — unlike equity accelerators such as Antler.

Grant / schemeFitConfidenceTarget & windowNotes
MAS FSTI 4.0 (AI/DA + RegTech)StrongFI-led co-funding; watch 2026 Q4 → 2027Needs an FI as lead applicant; FSTI 3.0 cutoff (2026-07-16) is forfeit — watch for 4.0 / extension.
CSA CyberCallStrongUp to S$1M co-funding; 2026 Q4Co-build a PoC with a large enterprise facing a security roadblock (e.g. agent cross-tenant data leak / PII); needs an end-user org as theme owner — lean on TIG relationships.
Startup SG TechMediumS$400k (POC) / S$800k (POV); 2026 Q4Fund the defensible-IP backend (vector isolation, data masking, crypto access controls); deep-tech, rigorous 3-stage gauntlet (ROI → formal app → panel pitch).
SLINGSHOT (SWITCH / Enterprise SG)MediumLowPrizes >S$2M + investor access; finals ~Oct 2026Competition route via the AI/cyber track (also an Events pitch stage).
EDB Enterprise Innovation SchemeBackupOpportunisticIf no FSTI cycle is open.
IMDA grantsBackupOpportunisticSector-specific digital/AI programmes.
PSG (Productivity Solutions Grant)BootstrapOpportunisticLow strategic value but easy cashflow — “good to be paid.”

Runway note: no grant revenue before ~Q1 2027; the Q3 2026 dev block needs a bridge — angel, income-sharing revenue, or a fast EDB-style grant outside FSTI.

Programmes and accelerators

Credibility, network, and distribution.

ShotTarget outcomeConfidenceWindow
ICE71 Accelerate (Singtel Innov8 + NUS Enterprise)Embed in the region’s premier cybersecurity hub; enterprise-CISO network + specialist investors; find a design partnerEarly-stage cohort intake
BLOCK71 AI Accelerate 2026 (NUS Enterprise + Microsoft, EnterpriseSG-backed)Defer — decide later. VC-oriented; same NUS-Enterprise / Startup SG Tech grant already tracked in the Grants table, so no new funding route. 10-wk sprint + Investor Day; NUS Enterprise option on up to S$50k equity if grant awarded; ESG can convert up to 50% of grant to sharesApply 2026-06-01 → 2026-07-31; cohort starts Sep 2026
Google for Startups Accelerator — SEA (AI focus)3-mo equity-free; up to US$350k cloud credits, architectural reviews with Google Cloud / DeepMind SG, Trusted Tester accessAI cohorts through 2026
IMDA GenAI SandboxTest the secure layer against SG’s Model AI Governance Framework for Agentic AI → position as “regulatory-assured” infrastructure2026
IMDA Spark (SG:D accreditation)Non-equity SG accreditation — priority IMDA grant processing, talent-hiring help, and government reference-customer demand (pitch to gov buyers) + ICM community. Eligible: SG ICM startup, < S$20M SG turnover / < S$100M group; no first-time-founder gateRolling enrolment
CyberSG TIGEcosystem entry (NUS + CSA)Map Q2 → pitch Q4
CyberBoost Next (CyberSG TIG)Growth-stage cohort for SG cyber startups — scale, partner introductions, follow-on funding signals2027 cohort
AI Verify Foundation accreditationTested-vendor cohortOpens 2026 Q3
Antler Singapore (residency · Oct cohort)Network + validate ideas across the cohort; pre-seed is secondary — Antler backs only ~20% of participants, so treat as a network/validation play, not a funding route (dilutive if taken)Residency starts ~Oct 2026
On Deck Fellowship (ODF28)Non-dilutive, no equity — network + validate idea→conviction with 80–100 high-momentum builders; lifetime 3,000+ founder community + customer/teammate network; ~10-wk remote + 1-wk SF onboarding (pay-what-you-can, ~US$1k)ODF28 ~Q3 2026
Apart Lab FellowshipResearch credibilityApp 2026-10-01
SPS / research fellowshipResearch trackApplication in progress

Events and pitch stages

Where we pitch, network, and get found.

Leadgen ICP at conferences — work the conference plus its side events and hackathons to find two buyer types: founders who need technical heavy-lifting (FDE delivery), and finance founders who need AI-native tools (Contextful / Meerkat).

ShotTarget outcomeConfidenceWindow
SLINGSHOT 2026 (SWITCH / Enterprise SG)Transformative Digital Technologies track (AI / cyber) — grant prizes >S$2M + global investor accessLowFinals ~Oct 2026 at SWITCH; apply ~mid-2026 (TBC)
SG AI Week / SuperAI (Singapore) — conf · side events · hackathonsAI-native founders + finance teams needing AI tooling; founders needing heavy-lifting; an FI partner for FSTI; advance Stripe — see the action planJun 8–14, 2026 (core)
Token2049 — conf · side events · hackathonsFinance / web3 founders needing AI-native tools; web3 founders needing heavy-liftingSG ~Oct 2026; Dubai ~Apr 2026
RSAC 2026 — SingaporeNetworking2026-07-20
CyberSG Innovation DayHighest-leverage SG cyber networking~2026 Q3
Conference talksCredibility + thought leadership2026 H2

Ecosystem presence — AI safety

Visibility and collaboration in Singapore’s AI-safety ecosystem — tight-knit and driven by public-private partnerships. Anchoring here is the “regulatory-assured” credibility moat behind the GTM: contribute into the institutions that set the assurance bar, so we’re a known quantity to the gatekeepers (and to government reference-customer demand) before the Q4 window. This overlaps the Programmes shots (AI Verify accreditation, IMDA GenAI Sandbox / Spark) and the network map — but this is the contribute-code-and-research angle, not just enrolment.

OrganizationWhat it actually isConcrete first moveWindow
Singapore AISIDigital Trust Centre @ NTUSG’s designated AI Safety Institute; member of the International Network of AISIs (SG/Japan/UK led the 3rd Joint Testing Exercise on agentic + multilingual model evals)Publish an agent-evaluation writeup aligned to the 3rd Joint Testing Exercise via the OSS → arXiv → workshop pipeline; approach DTC for a research collaboration (it’s NTU’s national trust-tech R&D hub)2026 H2 → 2027
AI Verify FoundationProject MoonshotOpen-source LLM eval + red-team toolkit (moonshot + moonshot-data); anchors the assurance ecosystemOpen PRs to moonshot-data — new connectors / metrics / red-team recipes / cookbooks; implement IMDA’s Starter Kit for LLM-App Testing. An upstream PR is a citable credential and a direct line to the assurance gatekeepersNow (rolling)
IMDA / AI VerifyGlobal AI Assurance SandboxLive since 7 Jul 2025 (from the Feb–May 2025 pilot pairing 17 deployers with 16 specialist testers); plus the AI Safety Red Teaming Challenge (IMDA × Humane Intelligence)Apply as a specialist technical tester in the Sandbox; enter the next Red Teaming Challenge (multilingual / cultural-bias — the cohort that red-teamed Claude/Llama/SEA-LION); map Meerkat to the Model AI Governance Framework for Agentic AI (Jan 2026, updated May 2026) and submit a case study to the next refresh2026
Industry associationsAiSP, SCS, SGTech, Lorong AISector credibility + standards-setting + vertical reachJoin AiSP’s AI Community of Practice (secure / responsible AI-ML) and contribute to its body of knowledge; contribute to SCS’s AI Ethics & Governance BoK; use the association stage for talksOngoing

Action — partnership exploration (sovereign-AI wedge). Open conversations with domain experts and the associations above to co-position as the AI-safety / sovereign-AI assurance authority. The wedge is concrete: Singapore’s National Multimodal LLM Programme (S$70M; IMDA + AI Singapore + A*STAR) and the open SEA-LION models mean there’s a sovereign stack that still needs independent red-teaming and assurance — exactly our lane. First moves: (1) publish a SEA-LION red-team / eval (mirrors the IMDA × Humane Intelligence challenge) as the calling-card artefact; (2) pair our security / eval depth with one domain expert per priority vertical (health, finance, gov) so the association’s stage carries distribution. Outcome to track: ≥1 co-authored artefact or co-run session per quarter that names us as the safety / sovereignty expert.

Execution timelines

Edit the ```mermaid gantt blocks below directly — they render natively in Obsidian and as interactive charts on the site. crit marks hard dates (exams, deadlines, gates).

1. Hackathons & programmes

2. Fundraising

Runway risk: no grant revenue until earliest Q1 2027 — the Q3 dev block needs a bridge (angel, revenue, or a fast EDB-style grant outside FSTI).

3. Product launches

Two flagship products anchor the launch (see Strategy · Flagship products):

  • Contextful — local-first agent context & memory, built on the Hakiri context engine + ETL pipelines (the data-flywheel moat, productized).
  • Meerkat — guardrails/auditing for agents in finance & compliance (the governance/control-plane moat, productized).

Both are built inside the Q3 dev block and launch into the Q4 demo + grant window. The lead wedge (security-assessment + compliance-readiness engagement) is the FDE entry motion; the flagships are the systems those engagements deploy and expand on.

4. Credentials on the company critical path

On the critical path: CISSP only. It’s load-bearing for fractional-CISO trust and the exam is imminent (Jun 16). Every other credential track (FRM, CMU, GDE, OWASP-PR) is a personal / brand track deferred off the committed 7-month window — it must not compete with selling and the Q3 build for founder hours. To an investor or buyer, a multi-track credential Gantt signals “the founder is the deliverable”; those tracks live on the founder’s own roadmap, not this company one.

The full individual credential + growth timeline — CISSP alongside OWASP-PR, FRM I/II, CMU MSIT Privacy Eng, and GDE, with all the hard dates — is tracked separately in Founder Credentials & Growth. The commercial triage of which credentials are load-bearing vs. background is in Expertise · Credentials.