Risks We're Facing

V0 gives us the backbone: client config, ontology, operating spec, evidence lineage, and the front-end intelligence components. But our own guardrails say it plainly — "we do not need a living ontology in V0." The adjustment-not-regeneration behaviour, the ontology that proposes its own additions, the Theme/Hypothesis belief curve — these are scheduled for V1 phases starting after the V0 reservations land. An investor who sees a polished demo could reasonably assume the living parts are running. Mostly, they are not yet.

We sequence deliberately: V0 is "shaped like the final Vextrum" even before it is the final Vextrum — stable contracts, lineage, and proof first, so V1 is an extension rather than a rebuild. We reserve schema shapes in V0 (empty tables, zero migration) so the living layer bolts on without re-keying. And we are disciplined about demoing what runs, framing the rest as roadmap, not as shipped.

The series layer is moving from "carry-forward under an entity" to a deliberate generalisation (an anchor that can be an entity, a theme, or a thesis-confidence belief curve). That is the right design, but it is a live rebuild, and the most product-defining new step — Theme/Hypothesis coverage, the thing that turns a number into a moved belief — is explicitly "half the intelligence on the seam," with ownership still being settled on a call between two people. Seams are where projects bleed time.

We wrote the data contracts down before the rebuild, one-to-one with the CTO's tables, so both sides build against the same shapes. We froze V0 ("V0 stays untouched; in V0 we only reserve shapes") so the rebuild can't ripple into a migration. And we are forcing the ownership question — "who takes which half" — to a decision rather than letting it sit ambiguous at the seam.

Long-running compute, cold starts on serverless workers, multi-step async jobs, and state that has to survive a user closing the tab for twenty minutes — every one of these is a place a session can wedge. We have already found and fixed exactly this class of bug (an onboarding session that reached a stage without the data that stage needed, and spun forever). There are more like it. Each one, hit by a real client, reads as "the intelligence system can't keep itself running."

Defence-in-depth on the operational layer: heartbeats and idle windows that keep workers warm while a client is active, idempotent transitions, stale-op detection, and — the lesson from the bug above — never letting the UI spin forever; it self-heals or surfaces a retry. V0's explicit goal is "the first proper operating layer" with visibility into what happened in the pipeline and why, not a loose chain of jobs.

We arm the client to walk into an investment committee or a board with our Proof Card as the artifact. That is the value — and the danger. If the evidence chain is plausible but the synthesis on top of it is wrong, we don't just give a bad answer; we give a bad answer wearing the credibility of a citation trail. In high-stakes seats, that is the failure that ends relationships, and it travels by word of mouth.

The architecture is built to resist exactly this. Confidence is computed only from linked decision requirements and the metrics that test a thesis — never from free text — so the system cannot invent importance. Every output ships a Red Team panel: Known / Assumed / Missing / what-would-change-my-view, surfaced inline at the moment of action. Proof tiers and a source-trust hierarchy gate what is allowed to read as high-confidence. The product is designed to argue against itself before the client does.

Blind Spots are a first-class control plane: we tell the client what we can't see. The moment we render "covered on X" for an area we are not actually covering well, we've manufactured exactly the expensive-miss the feature exists to prevent — and we did it with authority. The detector is only as honest as the source universe and the ontology behind it.

Coverage is derived from the same evidence lineage as everything else, not asserted. Source discovery is adversarial and revisited, not one-shot. The ontology can propose its own additions when extraction repeatedly hits concepts it doesn't understand — closing the gap between "what the client's world contains" and "what our map contains" over time, with the user approving each patch.

We store strategic questions, theses with confidence levels, monitored entities and the evidence behind them — per client, in one system. A leak wouldn't just embarrass; it could be market-moving or expose a client's competitive position. And because the value of the data is so high, we are a more attractive target than our size would suggest.

Strict tenant isolation as a first principle — today the workspace is the hard scope boundary, and even as we add cross-workspace entity identity for portfolios, the data boundary stays tenant-scoped. Least-privilege access to client universes, encrypted storage, scoped credentials, and a deliberately small surface of who can touch raw client data. Security posture is treated as a product requirement, not an afterthought, because for this clientele it is the product.

"Market intelligence" and "monitoring" are a graveyard of vitamins — bought in good years, cut first in bad ones, because no one can draw a straight line from them to a dollar saved or a decision defended. If we let ourselves be filed in that drawer, we get priced low, compared on feeds-and-features, and churned the first time a budget tightens.

We engineer the pain to land before the customer rationalises us as a vitamin: surface the Red Team inline the instant someone acts on a card; quantify the catch ("this reached you 9 days before the press"); keep a persistent coverage scoreboard so absence is felt, not assumed; make the Proof Card the artifact they bring to the committee; and fire proactively when something that would change a held view appears. We sell the two acute pains — un-defendable conviction and unknown blindness — not the feature list.

Procurement, security review, pilots, and the simple fact that a new name in a high-trust seat carries a credibility tax. Long cycles burn runway and make early revenue lumpy and concentration-prone.

Lead with a sharp wedge per vertical — for government, a tender-driven entry where deadlines and eligibility are first-class and the value is unambiguous and time-boxed. Use the Proof Card and a live blind-spot scoreboard as the pilot's "show, don't tell." Land on one acute decision, expand into the universe. Borrow credibility through design and rigour until we have references.

The current wave of "ask our terminal a question" features gets us compared to giants on a single capability. A well-funded incumbent could bolt a proof-lite narrative onto an existing data moat and claim the same territory with far more distribution.

Our defensibility isn't any single capability — extraction, monitoring, dashboards all exist. It's the closed loop with evidence lineage, mapped to a specific client's decision universe: client intent → operating spec → discovery → triage → extraction → synthesis → proof → challenge → action → the system adapts. The compounding assets are the per-client living ontology and the accumulated evidence/decision memory — an analyst team that remembers how this client thinks. That is expensive to replicate per account and gets stickier with time, which is the opposite of a commodity.

LLMs touch extraction, synthesis, and the language of every output. Any of those is a place an unsupported claim can enter wearing the costume of a sourced fact.

We constrain the model rather than trust it: evidence is an interface — every decision requirement must be answered by a real document or a real metric, with a provenance reference, or it doesn't count. Confidence derives only from those linked requirements and metrics, never from generative text. Extraction is structured and traceable to a source quote/excerpt. The system's job is to ground and cite, not to opine.

Pricing moves, rate limits, deprecations, or a quiet quality regression in a hosted model can hit accuracy and margin at once. Concentration on one provider is a single point of failure for the whole product.

A gateway abstraction over providers with fallback/round-robin so no single model is load-bearing; the heavy reasoning is separable from any one vendor; and because confidence is computed from evidence rather than vibes, a model swap changes wording far more than it changes conclusions. Cost is engineered (tiered model use, caching, doing cheap classification before expensive synthesis).

A macro fund thinks in regimes, a thematic fund in trends across many names, credit in capital structure, a corporate team in competitive narrative, government in tenders and eligibility. Serving all of them from one architecture is a real test: a too-thin abstraction produces intelligence that feels generic to a specialist, who will choose a deep point-solution over a broad one.

The generality is principled, not cosmetic: verticals share one backbone and differ in vocabulary, priorities, source expectations, alert rules, active pillars, and operating-spec interpretation — not in three separate products. The Operating Spec is the per-client control layer that turns the same engine into a tender-alerting system, a thesis monitor, or a market-entry watch. We prove depth on a lead vertical first and let the shared backbone earn the next one, rather than claiming all of them on day one.

Scraping restrictions, API terms, content licensing, and the evolving legal posture toward machine ingestion of third-party content all bear directly on what we can source. A key feed changing its terms, or a rights challenge, can degrade coverage or create legal exposure.

Source trust and proof tiers are governed per client by the Operating Spec, not hardcoded — so the source-of-record can be tuned by domain (crypto, private markets, and OSINT can legitimately relax a rigid Tier-1 floor) while staying explicit and auditable. We diversify feeds so no single source is load-bearing, prefer licensed and primary sources where stakes are high, and keep provenance on every signal so a rights or quality problem is traceable and removable.

Tracking named people and organisations as first-class entities raises GDPR and OSINT-on-individuals questions; emerging AI regulation may classify decision-influencing or profiling systems as higher-risk, with transparency and governance obligations. Government and asset-tracing work raises the bar further.

Our architecture is, fortunately, built for explainability: full evidence lineage, a stated Known/Assumed/Missing posture, and human-in-the-loop decisions (the system proposes, the user decides) are precisely what AI governance regimes ask for. We keep humans on consequential calls, source from legitimate channels, minimise and scope personal data to what the client's stated purpose requires, and treat compliance as a design input — not a retrofit.

We must not become an unlicensed investment adviser, a conduit for MNPI, or a defamation risk when we characterise a named company or person. And because clients make real decisions on our intelligence, a bad call invites "you told us so" liability.

We are an evidence and intelligence layer, explicitly not an adviser: we surface sourced signals, expose assumptions, and leave the decision — and the accountability — with the client, by design. We source from public/licensed channels and keep provenance to stay clear of MNPI and to defend characterisations. Contracts set the scope of reliance. The product's honesty (Known/Assumed/Missing) is also our best legal posture: we never claim certainty we don't have.

LLM calls across the pipeline plus long-running workers are the dominant cost, and they grow with the size of the source universe and the cadence of refresh. Priced wrong, scale makes the loss bigger, not smaller.

We design the pipeline to spend compute where it earns its keep: cheap classification before expensive synthesis, adjustment-not-regeneration (we don't rebuild a universe when a client makes a small change — we surgically adjust the affected branches), tiered model use, caching, and reservation-based scaling. The Operating Spec governs what is worth monitoring closely vs. what stays background, so we don't pay premium attention to low-value signal. And the target buyer is an institution for whom one prevented expensive miss dwarfs the subscription.

Onboarding, config, ontology, operating spec and front end sit with the CPO; ingestion, extraction and the series layer with the CTO; and the Theme/Hypothesis coverage step — "half the intelligence" — straddles both. If either person is unavailable, or the seam stays ambiguous, momentum and quality are at risk. Knowledge that lives only in conversation doesn't survive a bus.

We write the spine down: contracts, guardrails, roadmaps and design docs are explicit and versioned, so intent outlives any single conversation. We force seam decisions ("who takes which half") to be made, not assumed. We reserve schema shapes early so work can proceed in parallel without blocking. And the medium-term answer is deliberate hiring against exactly these concentration points.

Under-trust: a sceptical analyst treats us as background noise and the product never reaches the decision. Over-trust: a client outsources judgement to the system and is blindsided when it's wrong. And the honest version of the product proactively challenges held views — valuable, but psychologically harder to adopt than a tool that flatters.

We position as the analyst's instrument, not their replacement — the thing they present with at the moment of accountability. The Proof Card builds earned trust (every claim is inspectable), and the Red Team explicitly guards against over-trust by always showing what would change the conclusion. We make the system challenge beliefs with evidence, which is far easier to accept than an unsupported contradiction.

Government and asset-tracing work especially invites a "surveillance company" framing; a high-profile wrong call about a named person or entity is both a legal and a reputational event; and powerful tooling can be put to uses we'd refuse to endorse.

We anchor on legitimate sources, evidence, and transparency rather than covert collection — our brand is defensibility, which is the opposite of shadowy. We choose clients and use-cases deliberately, keep humans accountable for consequential calls, and hold the same Known/Assumed/Missing honesty about people and entities that we hold about theses. The discipline that makes us trustworthy to clients is the same discipline that keeps us on the right side of the optics.