AI safety / red-team tools.
Prompt injection, jailbreaks, data leakage — every shipped AI feature needs a test harness. Most teams don't have one.
Why now
Regulation (EU AI Act, sectoral guidance) is forcing teams to demonstrate red-team coverage. Compliance is a budget unlock.
What the signal looks like
Repos with curated attack taxonomies, scoring rubrics, and contributor lists that include security researchers from named labs.
Public examples
We name public projects and categories only, never the founders we track inside the paid product. The buyer's edge stays inside the product.
- Garak-style scanning frameworks
- Promptfoo red-team plugins
- Vertical attack libraries (medical, financial, legal)
What this displaces
Internal one-off red-team exercises that take a week and don't repeat.
Our build-vs-invest call
Build as a CI-runnable scanner with a vertical attack pack. Compete on coverage breadth and the speed at which new attacks land in the public corpus. Fund teams with at least one named security researcher on the founding side.
Common questions about this niche
- Won't the foundation models fix this themselves?
- They'll improve, but the responsibility sits with the deployer, not the model vendor. The product company always needs its own test layer.
- Is this a service or a product?
- Both — services for the top-100 enterprises, product for everyone else.
- What's the moat?
- The attack corpus, then the eval pipeline, then the compliance reports.