30 Companies. 30 Days.
Every build documented. Every stack choice explained. Every lesson public.
CensusSecurity
Every SMB security and resilience framework starts with the same question — what are your critical systems, and what does an hour of downtime cost you? — and almost no SMB can answer it. The Business Impact Analysis is the foundation of every continuity, disaster-recovery, cyber-insurance, and third-party-risk program, and it is the step everyone skips, because doing it the traditional way means months of consulting hours nobody budgeted for. So the BIA either doesn't exist, or it's a stale document from three vendors ago that no longer matches the business. The auditor, the insurer, or the incident finds the gap at the worst possible time. The deeper structural problem is the buyer: the SMB is not equipped to produce a defensible BIA on its own, and shouldn't have to become a security expert to get one. The party that already serves them — the MSSP or vCISO practice — is the right place for this capability to live, but the providers have been stuck doing BIAs by hand, one expensive engagement at a time, which is why most of their SMB book has no current BIA at all. CensusSecurity automates the analysis and editions it for both sides of that relationship: an SMB Edition for the business and an MSSP Edition for the provider running it across a book of clients — so a defensible, framework-aligned BIA goes from a months-long consulting project to a same-day artifact.
TIE Connect Napkin Winner — name withheld
The napkin contest at TIE Connect this month was a simple format: pitch the idea on a napkin, and the room helps pick the one worth building. The winner is not a brand-new idea on a brand-new domain. It's an existing platform with years of compounding network effects, a real user base, and a founder who has been building the same audience long enough that the data itself is the moat. The problem the winning pitch identified isn't 'this needs to exist' — it already exists and works — it's that the next phase of growth is gated behind one missing capability, the kind of module that is expensive and slow to build the traditional way and is exactly the sort of thing an AI-native, additive engagement can deliver fast without touching the parts that already work. That's a different shape of problem than a 30-day cold start, and it's the shape Silverback expects more of its work to take: not rebuild the platform, add the one surgical piece that unlocks the next phase, leave the existing stack and the existing network intact.
PIM
Angel investors lose money in a predictable way. They back the founder they connect with, in the industry they happen to know, at the valuation they happened to be offered — and they call the pattern instinct. The disciplined ones don't; they screen every opportunity against their own criteria before a dollar moves. Karen Rands has spent two decades teaching exactly that discipline through the Compassionalist Academy — a deal-screening framework that scores an opportunity against the investor's real capital capacity, the industries they actually understand, and the deal stages and structures they're equipped to underwrite. The framework worked, but it lived in an Excel workbook, and an Excel workbook does not onboard the next thousand investors, does not enforce the method when the investor is tempted to skip it, and does not travel past the people Karen can personally train. The cost of the missing discipline is concentrated and real: the single most common way an angel check goes to zero is an investor abandoning their own stated criteria the moment a charismatic founder is in the room. PIM makes the methodology repeatable: build an investor profile once, then score every deal against it and get back a single, explainable signal — not a prediction, not advice, a discipline check the investor can audit.
PodToBook
A podcaster with a few hundred episodes has already written a book — they just haven't assembled it. The words exist, in order, in their own voice, sitting in transcripts nobody has turned into anything. Historically the gap between 'I have 150 episodes' and 'I have a book' was a services business: a ghostwriter or editor working through hours of audio at thin margins, a months-long engagement, a price point that only made sense for hosts who were already famous. That math kept the overwhelming majority of podcasters' back catalogs locked up as audio that depreciates the day after it publishes. The structural insight is that the expensive part — clean, structured, searchable transcripts of every episode — is already produced as a byproduct of putting a podcast online the modern way. Once that pipeline exists and the drafting is done by AI rather than billed by the hour, the economics flip: assembling a book from a back catalog stops being a bespoke services engagement and becomes a productized bolt-on. PodToBook is that bolt-on — same source material as the show's website, a different output, run by its own operator.
SundaySync
Every household runs the same ritual and most of them hate it: the Sunday-night scramble to reconcile the week ahead — who's where, what's due, who drives whom, what's for dinner, which kid has which practice, which parent has which conflict. The information is scattered across a shared calendar, three group texts, a fridge whiteboard, and two people's memories, and the reconciliation is manual, repetitive, and just important enough that getting it wrong costs a missed pickup or a double-booked evening. Existing tools make it worse, not better: shared calendars are passive databases that still require a human to do the cross-referencing, and family-organizer apps optimize for engagement — more notifications, more time in the app — which is exactly backwards for a problem whose entire point is to free up the evening. The product that actually solves this has to be measured by time off the app, not on it: it should collapse the planning into the smallest possible interaction window, surface only the conflicts and decisions that need a human, and then get out of the way so the family can spend Sunday evening together instead of negotiating a calendar.
ConnoisseurPlatform / Unshucked
Beer drinkers have Untappd. Wine drinkers have Vivino. Spirits enthusiasts have Distiller. Coffee has Beanhunter. Oysters — a category with strong regional identity (a Wellfleet from Cape Cod tastes nothing like a Kumamoto from the Pacific Northwest, and any oyster eater past their first dozen knows it), working-knowledge depth (briny / mineral / creamy / sweet / mild is a real flavor-profile vocabulary used by raw-bar staff every night), and a passionate enthusiast base (roughly 500,000 active oyster consumers in the US) — have no social-discovery platform built for them. The category lives on static guidebooks, word-of-mouth in coastal cities, and the working memory of the raw-bar staff who served you last weekend. Try to remember which Beausoleil you had in Portland six months ago and which raw bar served the Pemaquid you actually liked, and the answer is the same answer every oyster eater has: I don't remember. The discovery layer the category never got is the problem. Unshucked is the answer scoped to oysters; ConnoisseurPlatform is the expansion architecture that does the same for steaks, BBQ, craft spirits, cheese, and cigars once the oyster category has earned the right.
SapphireInvestments
A self-directed retail investor today sits between two bad options. Robo-advisors are formulaic, fee-extracting, allocation-and-rebalance products built for the median user — they explicitly will not generate alpha. The hedge-fund quant systems that actually find asymmetry are walled off behind two-and-twenty, accredited-investor minimums, and institutional plumbing. The middle is where the audience actually lives: investors who want institutional-quality signal generation, transparent methodology, and the right to either execute the trade themselves OR — if they qualify — hand the execution off to an AI that respects the rule set. Today the middle has no real option. Pattern day-trading platforms surface raw data without strategy framing. SeekingAlpha and Trading Central produce publisher-style commentary without strategy attribution or risk parameters. The robo-advisor model is custody-plus-allocation; the active-signal-generation product the audience actually wants does not exist at $99–$299/month with regulator-correct disclosure framing. Sapphire fills that middle. Five pluggable strategy engines, signal stream with confidence scoring and risk parameters, paper-trading-validated performance with explicit disclosures, accredited-investor-gated autonomous-execution tier on the roadmap, Alpaca on the custody side. Institutional-grade quantitative signals, retail-accessible price, regulator-correct architecture — three-clause GTM compressed.
crochetgraphic
A meaningful photo — a grandchild, a beloved pet, the portrait of someone in chemo — is the start of a comfort blanket. Turning that photo into a workable crochet pattern is the part most crocheters never finish. The arithmetic is brutal: reduce the image to three or four yarn-appropriate colors, fit it to a standard blanket size, account for the 1.3-to-1 stitch aspect ratio so the picture does not squash, count every stitch by color, work out the yardage, convert that to skeins of the right yarn weight, and write out row-by-row instructions in a form a human can actually follow with a hook in one hand. That work is hours and most of it is wrong on the first pass. For a crocheter whose unit of caring is finished blankets — Knots of Love chapter volunteers, oncology craft-room teams, hospice volunteers, photo-memorial commissioners — the math is the wall between the photo on the phone and the blanket on a real person's lap. crochetgraphic is the workflow that replaces the wall with one drag-drop: drop a photo in, pick the blanket size from baby to king, pick the yarn weight from lace to jumbo, and get a printable PDF pattern with a stitched grid keyed to letters A through F, row-by-row scanline instructions that alternate left-to-right and right-to-left in proper single-crochet form, a yarn requirements table broken down by color with stitches / yards / skeins, and a row-completion tracker that turns a 6,000-stitch throw from an unstructured cliff into a project with a finish line. The operator-domain expert at the table is Beth Gaan of Knots of Love for Cancer — comfort blankets for cancer patients — and the tool is built around her workflow.
PatentFlow
A boutique or mid-size IP firm runs on four to eight disconnected tools. One product handles prior-art search; another handles drafting; a separate docketing system tracks deadlines; a different platform does infringement analysis; litigation support lives somewhere else again. The fragmentation is structural — patent prosecution tools ignore litigation, drafting assistants do not track statutory deadlines, and infringement platforms never connect back to the prosecution record. Every handoff between tools is a re-keyed copy of the same matter, and every re-key is an opportunity for a docket date, a claim number, or a priority date to drift. The cost is real: a mid-size IP firm spends an estimated $200,000–$500,000 a year on its IP technology stack, with integration overhead alone running 20–30% of that budget, and the average cost to draft and prosecute a single patent application sits around $15,000. Meanwhile the competitive landscape is entirely point solutions — every vendor addresses one or two modules and leaves the firm to stitch the rest together. PatentFlow is the full IP lifecycle in one platform: six integrated modules where each module hands the next a structured record instead of a re-keyed copy, so the prosecution history is in the system when the infringement analysis needs it. Inference runs on Claude via AWS Bedrock — the enterprise-tier contractual envelope that matters doubly for patent work, where the inputs are both privileged attorney work product and pre-grant trade secrets whose value depends on not being publicly disclosed before filing.
CrewSheet
Every Part 91 corporate flight department and Part 135 charter operator closes every flight the same way. The crew shuts down, climbs out, and a pilot — usually the PIC, sometimes the SIC, often whoever is least tired — hand-fills a paper or PDF aircraft log sheet from the panel: total flight time, fuel quantity remaining, fuel used, Hobbs delta, cycles, route, crew assignments. Then the same numbers get re-keyed into ForeFlight for the pilot logbook. Then the same numbers get re-keyed into CAMP Systems (or Veryon, or Traxxall) for the maintenance tracking program. Three transcriptions, three opportunities for the wrong number to land in the wrong system, three opportunities for the airframe-total-time number that drives the next inspection interval to drift from what's actually on the panel. 14 CFR 91.417 requires Part 91 operators to keep accurate total time in service on the airframe and every life-limited part. 14 CFR 135.63 requires Part 135 operators to keep load manifests for 30 days and pilot records for 12 months. 14 CFR 1.1 defines time in service as wheels-up to wheels-down — not Hobbs, not block time — and the data model has to keep all three because maintenance tracking, pilot logging, and operator scheduling each use a different one. The paper-and-re-key workflow that produced these records when flight departments ran on greaseboards is the same workflow most departments still run today. A 10-tail Part 135 shop flying 60 legs a month is shipping roughly 600 pilot-hours a year into transcription. The cost is real, the error rate is real, and the audit posture under the next FAA records check is exactly as good as the most tired pilot on the worst Tuesday of the month. CrewSheet is the photo-driven capture layer that replaces the three transcriptions with one workflow: the crew snaps photos of the glass-cockpit panel and the Hobbs meter at engine shutdown; CrewSheet extracts flight data via Claude Vision over AWS Bedrock, validates against prior-flight totals and the aircraft's running airframe time using eight purpose-built validation rules, and produces three signed outputs — a printable PDF aircraft log sheet (with 14 CFR 135.63(c) load-manifest fields rendered for Part 135 legs), a ForeFlight-compatible logbook CSV (one row per pilot-flight pair), and a CAMP Systems-formatted maintenance update (Phase 1 CSV; Phase 2 CAMP API direct push). One photo workflow at engine shutdown. Three systems reconciled by construction. The audit log captures every state transition per 14 CFR 91.417 and 135.439.
PlanWright
Every engineering organization is stuck staring into the same chasm. On the near side: humans writing pull requests, peer reviewers checking code, QA running test suites, sprint ceremonies, two-week cycles, twenty-page PRDs nobody reads. On the far side: humans set objectives at the top, coding agents do the implementation in the middle, humans accept results at the bottom, and a cryptographic audit log runs through the whole thing. Both processes work. The far side is faster by an order of magnitude. The bridge — the tool that lets a production team cross the chasm without breaking audit chain — does not exist. Jira was built for human ceremonies. Linear assumes a human author on every issue. GitHub PRs assume the code was written by an authenticated user. Notion is a document store. Asana is a task tracker. None of them enforce the human-bookend pattern (a human issues every objective, a human accepts every result, agents do the implementation in between). None of them log a cryptographic chain of custody on the status transitions. None of them treat a coding agent as a first-class actor with claim-and-return semantics. PlanWright is the tool built for the far side of the chasm: a Kanban board around the human-bookend pattern, with cryptographically signed transitions on every card, an MCP server that exposes claim-and-return semantics to any agent runtime (Claude Code, Cursor, Cline, Continue, Aider), and a data model where a coding agent is a first-class actor with a verifiable identity. The audit chain is built in, not bolted on. The repo is referenced as the contract — every card pulls the architectural context from CLAUDE.md and the repo's context files before the agent reads code. The product is positioned as the bridge to a well-supervised Dark Factory: industrial guard rails, observability, and a SOC 2 / FedRAMP / EU AI Act high-risk classification evidence shape that drops cleanly into a regulated-industry audit package.
NameIntel
Brand naming has been a manual, human-only workflow for the entire history of the web. Founders shortlist a name, then hand-check eight surfaces in eight tabs: .com on a registrar, .io / .ai / .app on a second registrar, USPTO TESS for trademark, Instagram and Facebook and TikTok and YouTube for handles, Google for SEO collision, and — newly, since 2024 — a model to ask whether the name even survives an AI assistant's answer. The whole flow takes 20–40 minutes per candidate, and it produces a verdict the founder forgets the next time they brainstorm. The tools that exist (Namelix, Squadhelp, Brandbucket) sell *names*, not analysis, and none of them are callable by the software that increasingly does the brainstorming. NameIntel is the analysis layer underneath naming — a single API and a single MCP server that scores any candidate brand across five dimensions (domain availability + pricing, trademark risk, social-handle coverage, SEO competition, AI / generative-engine findability) and returns a composite score, dimension breakdown, and a one-line verdict. The hook is structural: NameIntel is built for the buyer the web is acquiring — the AI agent. The MCP server exposes the scoring tools to any MCP client (Claude Desktop, Cursor, Cline, any agent runtime), and the same endpoints accept x402 USDC micropayments per call on Base or Optimism mainnet so an agent can pay for a query without a human credit card in the loop. The website and the agent-callable surface are the same product.
Swole Labor Services
A solo-operator junk-removal business in Fort Myers runs on a printed flyer left on driveways and a phone number. It works — Max Small shows up, quotes fair, hauls it, sweeps up — but the flyer only reaches the driveway it lands on, and the next neighbor searching 'junk removal Fort Myers' on a phone never finds him. The category's web presence is dominated by national franchises with franchise overhead and call-center quoting; a one-person operation competing on honesty and showing-up has no surface to be found on. Swole Labor Services is that surface: a fast, mobile-first static site that turns branded and local search into a quote conversation — text photos, get an honest upfront price, book the haul — built so the model assembling the answer to 'who does junk removal near me' can actually read it. It is a Silverback CTO Velocity Process cohort-tenant build: a free build for the client, hosted by Silverback at roughly $5–$15/month, and a game-day swap into the Day 15 slot.
GEOPress
WordPress runs an estimated 43% of the web — north of 590 million sites — and almost none of them are built to be read by a model. The legacy SEO stack (Yoast, RankMath, All in One SEO) optimizes for a 2010-shaped Google: meta titles, sitemaps, keyword density, a relevance score computed by a crawler that executes JavaScript and parses a sidebar. Generative engines assemble answers differently. When somebody asks ChatGPT, Perplexity, Claude, or Google's AI Overviews a question, the answer is stitched from training data and live retrieval against the public web — and the page either exists in a shape the model can quote, with attribution, or it doesn't. The gap is structural: 590M WordPress sites, a mature plugin ecosystem for human-and-Google SEO, and effectively zero installed base for the LLM-readability layer. GEOPress is the plugin that closes it — llms.txt and llms-full.txt generation on the llmstxt.org standard, JSON-LD schema injection, AI-crawler robots.txt directives, clean Markdown exports of every post, and a native WordPress dashboard that shows exactly which AI crawlers are hitting the site and which pages they care about. The free tier is 100% local: no external calls, no PII, no IP addresses — it runs entirely inside the WordPress install. The free plugin is live, and the Pro SaaS analytics backend is deployed and serving alongside it; the WordPress.org directory submission is in the review queue, with the direct download from geopress.io as the launch-day path.
PodToSite
Most podcasts are now created on YouTube — YouTube's own data has long-form audio/video uploads accelerating faster than any other category on the platform — but the public web that AI engines crawl still wants a *website* per podcast, not a YouTube channel. The result: shows that get hundreds of thousands of YouTube plays are invisible when somebody asks ChatGPT, Claude, or Perplexity for 'the best podcast about [thing].' The legacy podcast-website category (Podpage, Castos, Buzzsprout sites, generic WordPress builds) was designed to be a marketing site for human visitors clicking through from an RSS app — a homepage, a list of episodes, maybe a contact form. None of it was built to be *read by a model*. PodToSite is the structurally distinct entry: YouTube as the canonical source of truth, Astro-rendered episode pages with full transcripts and chapter timestamps, JSON-LD per-episode (`PodcastEpisode` + `Article` + `VideoObject` triple-typed), an `llms.txt` machine-readable index at the root, OG cards generated per episode, and an embed flow that pulls a new episode from YouTube the moment it publishes — so the LLM-discoverable version of the show exists the same hour the YouTube version does. Already in revenue with Tales From The Sky Lounge at tftsl.podtosite.com as the public reference deployment.
PlanCheck
Forsyth County, Georgia — one of the fastest-growing counties in the United States — processes roughly 885 planning applications a year across four departments (Engineering, Water & Sewer, GIS Addressing, Planning & Community Development), each application reviewed against a checklist that totals 47 items. Industry data says 40–60% of first submissions are incomplete; every incomplete submission becomes a rejection cycle that costs builders two to four weeks of carrying time and county planners a credentialed-staff hour they spent flagging the same missing-north-arrow they flagged on the last plan. The legacy permitting-software category (Accela, Tyler EnerGov, OpenGov) was built to track the application, not to read the drawing. CivCheck was acquired by Clariti in October 2025; that acquisition validated the market category — *AI plan review is a real category, not a niche.* PlanCheck is the structurally distinct entry in that category: a narrowly-scoped, builder-facing, self-service pre-qualification tool that runs on AI text + vision analysis, deploys with zero county IT involvement, and inverts the commercial model — counties get it free, builders pay per submission. Already live for Forsyth County, Georgia at plancheckers.com after the county evaluated 11 vendors and chose the narrowest one.
ChamberAdvance
A regional chamber of commerce runs 1,500–4,000 member businesses with a sales team of six to ten. Every new member gets the same welcome packet — the cupcake shop and the Fortune 500 anchor tenant get the same PDF. The chamber engagement coordinator hand-emails 800 members about an event nobody is the right fit for, then re-runs the same exercise next month for the next event. Members who don't see value in year one don't renew in year two; chambers lose 18–24% of new members inside the first 12 months on national averages. The tooling category (CMS / AMS) was built for membership records, not for member engagement. ChamberAdvance is the AI-generated, per-member engagement plan that turns a 5-minute survey into a chamber-branded PDF roadmap in 90 seconds — and into qualified sales intelligence for the chamber team in the same motion. Already in revenue with the Gwinnett Chamber of Commerce — the #1-ranked chamber in the U.S.
CounselExpress
In *United States v. Heppner* (S.D.N.Y., February 2026), a federal court held that information attorneys and clients put into consumer-tier AI tools — Claude desktop, ChatGPT, the $20-a-month subscription — is not protected by attorney-client privilege. Inputs to a public AI platform are shared with a third party; sharing waives privilege. The court explicitly preserved a different posture for enterprise-tier deployments with contractual confidentiality protections (Claude over AWS Bedrock, ChatGPT Enterprise, Claude commercial / government plans). Personal injury attorneys, who run 60–150+ open cases of 500–5,000-page document loads each, were already structurally outmatched on document-review time by defense counsel's paralegal teams. The obvious AI shortcut — paste the medical records into ChatGPT, ask for a timeline — just got ruled out for any matter where privilege matters. CounselExpress is the desktop application that gives PI attorneys the four analyses they need (medical timeline, case dashboard, police-report review, discovery review) over AWS Bedrock, with case files staying on the attorney's local machine.
CogleGroup
Mid-market customers have services lines being reshaped by AI faster than incumbent providers can keep up — and the structure of the firm that takes those engagements determines whether the work gets delivered. Sequoia's Julien Bek named the shape in March (*Services: The New Software*): the next legendary services firm sells the work, not the tool, by combining operator judgement with model intelligence. The structural answer is a GP-led, AI-native services firm — not a tooling vendor with a partner channel, not a consultancy bolting AI onto a managed-services contract, not a venture studio that pretends services and product live in the same P&L. Until today, CogleGroup was a services practice with a working operating model and the right two operators in front of it. The missing layer was the formal GP partnership and the partner-network firm structure that makes the model legible to customers, to Anthropic, and to the next set of operators we want to bring in.
GovernAI
August 2, 2026: EU AI Act high-risk deployer obligations come into force. Every regulated SMB in Europe — and every U.S. SMB with a European customer, vendor, or beneficial owner — has a live obligation. The people those SMBs call when something legal touches IT are their MSP and their vCISO. Vanta and Drata don't cover it yet. Cynomi has a roadmap. Most vCISOs are stitching together Notion templates and praying. There is no defensible, per-end-client-priced AI governance program an MSP can stand up in 48 hours.
TrainTogether
Existing fitness apps were built for solo workouts (Strava, MyFitnessPal) or for swiping (everything dating-adjacent). None of them match training partners by shared goal, schedule, and proximity. Inside large athletic communities — like Atlanta's run-club ecosystem — the partnerships obviously want to form and there is no tooling to find each other. Survey of 82 responses pulled from a 4,000-person community: 76% say goal-based matching is the killer feature; scheduling conflicts are the top cited pain point.
CyberSavIQ
Existing personal-cybersecurity tools tell the SMB owner what data brokers know about them and what passwords leaked in a breach. They do not tell them what the major language models say about them when their customers, hires, or counterparties ask. Reputation has moved into a new substrate; nobody has been monitoring it.
CyberSavi Academy
MSPs run the assessment, the compliance engine flags gaps, but most gaps that actually cause breaches are people: phishing susceptibility, password hygiene, social engineering. Existing security training is generic, check-the-box compliance theater that the client clicks through and forgets.
CompliancePulse
After the security assessment is done, the gaps are documented. Then what? Continuous compliance is manual, ad-hoc, and doesn't fit the per-end-client economics MSPs need to scale a vCISO offering profitably.
PartFoundry
The original manufacturer doesn't make the part anymore. The aftermarket gave up. Vintage cars, discontinued appliances, and industrial equipment that outlived their parts catalogs sit waiting for the one piece nobody stocks. Right-to-Repair is law in more states every quarter, smartphone photogrammetry is finally consumer-grade, and desktop additive printers hit production tolerances at 1/10th the cost of five years ago. The market is a $15B+ gap; the on-ramp is trust and craft.
SecureLink
Starlink and Starshield put every device behind CGNAT, so field-deployed federal teams can't get a publicly routable IP for HQ allowlists, surveillance backhaul, or CMMC-aligned egress. Off-the-shelf VPNs don't survive the audit. Enterprise alternatives require a security team the SMB-tier contractor doesn't have.
SecureStackScan
Security assessments for AI-generated codebases still use the checklists built for human-written code. The vulnerability surface is different. The channel that scales those assessments is missing.