Roadmap
The phased plan, the live shot pipeline (deals, grants, programmes, events), and the dated execution timelines — combined. Strategy and the flywheel live in Strategy.
12-month milestone ribbon
Q3 2026 (Jul–Sep) is a locked product-development block. Grant pursuit and most external pushes sit before or after it; the demo-ready gate on 2026-09-30 is the hinge for everything in Q4.
```mermaid
timeline
    title Critical Milestones (2026 Jun → 2027 Q1)
    2026 Jun : Company Formation
             : Positioning & deck
             : TIG ecosystem mapping
             : CISSP exam (Jun 16)
    2026 Q3 (locked) : Product dev sprint
                     : AI Verify accreditation opens
                     : RSAC SG / CyberSG Innovation Day
    2026 Q4 : Product demo-ready gate (Sep 30)
            : FI LOIs + CSA CyberCall
            : Apart fellowship application
    2027 Q1 : FSTI 4.0 prep
            : Google Accelerator cohort
            : Apart fellowship cohort
```
Personal / founder credential tracks (FRM, CMU MSIT, GDE, OWASP-PR) are not on this ribbon by design — CISSP is the only credential on the company critical path. The founder’s individual credential + growth timeline lives in Founder Credentials & Growth.
Also tracked: SPS / research fellowship application (work sample: harness engineering, gctrl, pentest + smart-contract) and academic workshop tracks (DLS, RAIID, agent-based AI) via the OSS → arXiv preprint → workshop pipeline.
Shots
The live pipeline — concrete attempts we’re actively taking against the opportunities: pitches, deals, grant submissions, programme applications. The execution timelines below are the dated view of these same shots.
GTM playbook — pitch as critical enterprise infrastructure, not “an AI startup.” Get embedded in the cybersecurity network via ICE71 and land a design partner (an enterprise willing to test the secure layer on their systems, even unpaid). Then use that design partner to apply for CSA CyberCall (up to S$1M) or Startup SG Tech (S$400k POC / S$800k POV) to fund the heavy backend engineering — and run through the IMDA GenAI Sandbox to come out “regulatory-assured.”
Grants
Non-dilutive funding. Detailed timing is in the fundraising timeline below; the funding model (revenue sharing) is in Strategy · Fundraising.
Default to non-dilutive — via non-equity partners, not first-time-founder schemes. Startup SG Founder / its Accredited Mentor Partners (AMPs) are first-time-founder only → out for us. Go non-dilutive through partners who take zero equity instead: an enterprise theme-owner for CSA CyberCall, an FI lead applicant for MAS FSTI, or a grant consultant on a success-fee (not equity). Every grant below is open to experienced founders — no first-time-founder gate — unlike equity accelerators such as Antler.
| Grant / scheme | Fit | Confidence | Target & window | Notes |
|---|---|---|---|---|
| MAS FSTI 4.0 (AI/DA + RegTech) | Strong | – | FI-led co-funding; watch 2026 Q4 → 2027 | Needs an FI as lead applicant; FSTI 3.0 cutoff (2026-07-16) is forfeit — watch for 4.0 / extension. |
| CSA CyberCall | Strong | – | Up to S$1M co-funding; 2026 Q4 | Co-build a PoC with a large enterprise facing a security roadblock (e.g. agent cross-tenant data leak / PII); needs an end-user org as theme owner — lean on TIG relationships. |
| Startup SG Tech | Medium | – | S$400k (POC) / S$800k (POV); 2026 Q4 | Fund the defensible-IP backend (vector isolation, data masking, crypto access controls); deep-tech, rigorous 3-stage gauntlet (ROI → formal app → panel pitch). |
| SLINGSHOT (SWITCH / Enterprise SG) | Medium | Low | Prizes >S$2M + investor access; finals ~Oct 2026 | Competition route via the AI/cyber track (also an Events pitch stage). |
| EDB Enterprise Innovation Scheme | Backup | – | Opportunistic | If no FSTI cycle is open. |
| IMDA grants | Backup | – | Opportunistic | Sector-specific digital/AI programmes. |
| PSG (Productivity Solutions Grant) | Bootstrap | – | Opportunistic | Low strategic value but easy cashflow — “good to be paid.” |
Runway note: no grant revenue before ~Q1 2027; the Q3 2026 dev block needs a bridge — angel, income-sharing revenue, or a fast EDB-style grant outside FSTI.
Programmes and accelerators
Credibility, network, and distribution.
| Shot | Target outcome | Confidence | Window |
|---|---|---|---|
| ICE71 Accelerate (Singtel Innov8 + NUS Enterprise) | Embed in the region’s premier cybersecurity hub; enterprise-CISO network + specialist investors; find a design partner | – | Early-stage cohort intake |
| BLOCK71 AI Accelerate 2026 (NUS Enterprise + Microsoft, EnterpriseSG-backed) | Defer — decide later. VC-oriented; same NUS-Enterprise / Startup SG Tech grant already tracked in the Grants table, so no new funding route. 10-wk sprint + Investor Day; NUS Enterprise option on up to S$50k equity if grant awarded; ESG can convert up to 50% of grant to shares | – | Apply 2026-06-01 → 2026-07-31; cohort starts Sep 2026 |
| Google for Startups Accelerator — SEA (AI focus) | 3-mo equity-free; up to US$350k cloud credits, architectural reviews with Google Cloud / DeepMind SG, Trusted Tester access | – | AI cohorts through 2026 |
| IMDA GenAI Sandbox | Test the secure layer against SG’s Model AI Governance Framework for Agentic AI → position as “regulatory-assured” infrastructure | – | 2026 |
| IMDA Spark (SG:D accreditation) | Non-equity SG accreditation — priority IMDA grant processing, talent-hiring help, and government reference-customer demand (pitch to gov buyers) + ICM community. Eligible: SG ICM startup, < S$20M SG turnover / < S$100M group; no first-time-founder gate | – | Rolling enrolment |
| CyberSG TIG | Ecosystem entry (NUS + CSA) | – | Map Q2 → pitch Q4 |
| CyberBoost Next (CyberSG TIG) | Growth-stage cohort for SG cyber startups — scale, partner introductions, follow-on funding signals | – | 2027 cohort |
| AI Verify Foundation accreditation | Tested-vendor cohort | – | Opens 2026 Q3 |
| Antler Singapore (residency · Oct cohort) | Network + validate ideas across the cohort; pre-seed is secondary — Antler backs only ~20% of participants, so treat as a network/validation play, not a funding route (dilutive if taken) | – | Residency starts ~Oct 2026 |
| On Deck Fellowship (ODF28) | Non-dilutive, no equity — network + validate idea→conviction with 80–100 high-momentum builders; lifetime 3,000+ founder community + customer/teammate network; ~10-wk remote + 1-wk SF onboarding (pay-what-you-can, ~US$1k) | – | ODF28 ~Q3 2026 |
| Apart Lab Fellowship | Research credibility | – | App 2026-10-01 |
| SPS / research fellowship | Research track | – | Application in progress |
Events and pitch stages
Where we pitch, network, and get found.
Leadgen ICP at conferences — work the conference plus its side events and hackathons to find two buyer types: founders who need technical heavy-lifting (FDE delivery), and finance founders who need AI-native tools (Contextful / Meerkat).
| Shot | Target outcome | Confidence | Window |
|---|---|---|---|
| SLINGSHOT 2026 (SWITCH / Enterprise SG) | Transformative Digital Technologies track (AI / cyber) — grant prizes >S$2M + global investor access | Low | Finals ~Oct 2026 at SWITCH; apply ~mid-2026 (TBC) |
| SG AI Week / SuperAI (Singapore) — conf · side events · hackathons | AI-native founders + finance teams needing AI tooling; founders needing heavy-lifting; an FI partner for FSTI; advance Stripe — see the action plan | – | Jun 8–14, 2026 (core) |
| Token2049 — conf · side events · hackathons | Finance / web3 founders needing AI-native tools; web3 founders needing heavy-lifting | – | SG ~Oct 2026; Dubai ~Apr 2026 |
| RSAC 2026 — Singapore | Networking | – | 2026-07-20 |
| CyberSG Innovation Day | Highest-leverage SG cyber networking | – | ~2026 Q3 |
| Conference talks | Credibility + thought leadership | – | 2026 H2 |
Ecosystem presence — AI safety
Visibility and collaboration in Singapore’s AI-safety ecosystem — tight-knit and driven by public-private partnerships. Anchoring here is the “regulatory-assured” credibility moat behind the GTM: contribute into the institutions that set the assurance bar, so we’re a known quantity to the gatekeepers (and to government reference-customer demand) before the Q4 window. This overlaps the Programmes shots (AI Verify accreditation, IMDA GenAI Sandbox / Spark) and the network map — but this is the contribute-code-and-research angle, not just enrolment.
| Organization | What it actually is | Concrete first move | Window |
|---|---|---|---|
| Singapore AISI — Digital Trust Centre @ NTU | SG’s designated AI Safety Institute; member of the International Network of AISIs (SG/Japan/UK led the 3rd Joint Testing Exercise on agentic + multilingual model evals) | Publish an agent-evaluation writeup aligned to the 3rd Joint Testing Exercise via the OSS → arXiv → workshop pipeline; approach DTC for a research collaboration (it’s NTU’s national trust-tech R&D hub) | 2026 H2 → 2027 |
| AI Verify Foundation — Project Moonshot | Open-source LLM eval + red-team toolkit (moonshot + moonshot-data); anchors the assurance ecosystem | Open PRs to moonshot-data — new connectors / metrics / red-team recipes / cookbooks; implement IMDA’s Starter Kit for LLM-App Testing. An upstream PR is a citable credential and a direct line to the assurance gatekeepers | Now (rolling) |
| IMDA / AI Verify — Global AI Assurance Sandbox | Live since 7 Jul 2025 (from the Feb–May 2025 pilot pairing 17 deployers with 16 specialist testers); plus the AI Safety Red Teaming Challenge (IMDA × Humane Intelligence) | Apply as a specialist technical tester in the Sandbox; enter the next Red Teaming Challenge (multilingual / cultural-bias — the cohort that red-teamed Claude/Llama/SEA-LION); map Meerkat to the Model AI Governance Framework for Agentic AI (Jan 2026, updated May 2026) and submit a case study to the next refresh | 2026 |
| Industry associations — AiSP, SCS, SGTech, Lorong AI | Sector credibility + standards-setting + vertical reach | Join AiSP’s AI Community of Practice (secure / responsible AI-ML) and contribute to its body of knowledge; contribute to SCS’s AI Ethics & Governance BoK; use the association stage for talks | Ongoing |
Action — partnership exploration (sovereign-AI wedge). Open conversations with domain experts and the associations above to co-position as the AI-safety / sovereign-AI assurance authority. The wedge is concrete: Singapore’s National Multimodal LLM Programme (S$70M; IMDA + AI Singapore + A*STAR) and the open SEA-LION models mean there’s a sovereign stack that still needs independent red-teaming and assurance — exactly our lane. First moves: (1) publish a SEA-LION red-team / eval (mirrors the IMDA × Humane Intelligence challenge) as the calling-card artefact; (2) pair our security / eval depth with one domain expert per priority vertical (health, finance, gov) so the association’s stage carries distribution. Outcome to track: ≥1 co-authored artefact or co-run session per quarter that names us as the safety / sovereignty expert.
Execution timelines
Edit the ```mermaid gantt blocks below directly — they render natively in Obsidian and as interactive charts on the site.
`crit` marks hard dates (exams, deadlines, gates).
1. Hackathons & programmes
2. Fundraising
Runway risk: no grant revenue until earliest Q1 2027 — the Q3 dev block needs a bridge (angel, revenue, or a fast EDB-style grant outside FSTI).
3. Product launches
Two flagship products anchor the launch (see Strategy · Flagship products):
- Contextful — local-first agent context & memory, built on the Hakiri context engine + ETL pipelines (the data-flywheel moat, productized).
- Meerkat — guardrails/auditing for agents in finance & compliance (the governance/control-plane moat, productized).
Both are built inside the Q3 dev block and launch into the Q4 demo + grant window. The lead wedge (security-assessment + compliance-readiness engagement) is the FDE entry motion; the flagships are the systems those engagements deploy and expand on.
4. Credentials on the company critical path
On the critical path: CISSP only. It’s load-bearing for fractional-CISO trust and the exam is imminent (Jun 16). Every other credential track (FRM, CMU, GDE, OWASP-PR) is a personal / brand track deferred off the committed 7-month window — it must not compete with selling and the Q3 build for founder hours. To an investor or buyer, a multi-track credential Gantt signals “the founder is the deliverable”; those tracks live on the founder’s own roadmap, not this company one.
The full individual credential + growth timeline — CISSP alongside OWASP-PR, FRM I/II, CMU MSIT Privacy Eng, and GDE, with all the hard dates — is tracked separately in Founder Credentials & Growth. The commercial triage of which credentials are load-bearing vs. background is in Expertise · Credentials.