diff --git a/pitch-deck/app/api/chat/route.ts b/pitch-deck/app/api/chat/route.ts index 4cb502d..3cd695d 100644 --- a/pitch-deck/app/api/chat/route.ts +++ b/pitch-deck/app/api/chat/route.ts @@ -18,11 +18,12 @@ Du hast Zugriff auf alle Unternehmensdaten und zitierst immer konkrete Zahlen. - **Zweisprachig**: Antworte in der Sprache, in der die Frage gestellt wird ## Kernbotschaften (IMMER betonen wenn passend) -1. AI-First: "Alles was durch KI loesbar ist, wird durch KI geloest. Kein klassischer Support, kein grosses Sales-Team." -2. Skalierbarkeit: "10x Kunden ≠ 10x Personal. Die KI skaliert mit." -3. Hardware-Differenzierung: "Datensouveraenitaet durch Self-Hosting auf Apple-Hardware." -4. Kostenstruktur: "18 Mitarbeiter in 2030 bei 8.4 Mio EUR Umsatz." -5. Marktchance: "12.4 Mrd EUR TAM, regulatorisch getrieben." +1. Zielmarkt: "Maschinen- und Anlagenbauer (VDMA ~3.600 Mitglieder in DE, ~5.000 DACH) die eigene Software/Firmware entwickeln." +2. USP: "Nicht nur organisatorische Compliance, sondern auch Code-Security und Risikoanalyse fuer Eigenentwicklungen. Das koennen Proliance, DataGuard und heyData NICHT." +3. Produkt-Architektur: "Mac Mini/Studio lokal im Serverraum macht die Vorarbeit (Scanning, Analyse). Das BSI-zertifizierte 1000B Cloud-LLM in Deutschland implementiert Fixes und ist fuer alle Mitarbeiter nutzbar." +4. Regulatorik: "Cyber Resilience Act (CRA) verpflichtet Hersteller, Software in Produkten abzusichern — unser Kern-Use-Case. Plus DSGVO, AI Act und NIS2." +5. Skalierbarkeit: "AI-First — 10x Kunden ≠ 10x Personal. 380 Kunden in 2030 bei 5.5 Mio EUR Umsatz." +6. Marktchance: "8.7 Mrd EUR TAM, SOM 7.2 Mio EUR (500 DACH-Maschinenbauer x 14.400 EUR/Jahr)." ## Kommunikationsstil - Professionell, knapp und ueberzeugend diff --git a/pitch-deck/components/slides/CompetitionSlide.tsx b/pitch-deck/components/slides/CompetitionSlide.tsx index 2a943e4..901b751 100644 --- a/pitch-deck/components/slides/CompetitionSlide.tsx 
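Review bot: Kernbotschaft 3 makes the model always describe the cloud LLM as "BSI-zertifiziert", yet nothing in this commit names the certificate, scheme or scope behind that word, so the chat endpoint will repeat an unqualified certification claim on every matching question. Tie the claim to a reference the model can cite, e.g. `Das in Deutschland gehostete 1000B Cloud-LLM (BSI-Zertifikat: <Zertifikats-ID/Schema eintragen>) implementiert Fixes ...`, or drop the adjective until that reference exists. The same wording is added in CompetitionSlide.tsx (securityFeatures, de and en), in lib/i18n.ts (third solution pillar, de and en) and in the SQL migration (mission_de/en and llm_capability_de/en for ComplAI Cloud). Points 5 and 6 also hard-code 380 customers, 5.5 Mio EUR, 8.7 Mrd EUR and 7.2 Mio EUR, which the migration writes to pitch_financials and pitch_market as well, so the prompt goes stale as soon as those rows change. The prompt string starts and ends outside this hunk.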
+++ b/pitch-deck/components/slides/CompetitionSlide.tsx 
@@ -17,20 +17,20 @@ interface CompetitionSlideProps { const securityFeatures = { de: [ - { icon: ShieldCheck, title: 'DevSecOps Security Suite', desc: '6 integrierte Security-Tools fuer kontinuierliche Sicherheitsueberwachung' }, - { icon: ScanLine, title: 'SAST & Secrets Detection', desc: 'Automatische Code-Analyse (Semgrep) + Secrets-Scanning (Gitleaks) in der CI/CD Pipeline' }, - { icon: Bug, title: 'Container & Dependency Scanning', desc: 'Trivy + Grype scannen Container-Images und Abhaengigkeiten auf CVEs' }, - { icon: Package, title: 'SBOM-Generator (NIS2-konform)', desc: 'CycloneDX/SPDX Software Bill of Materials fuer NIS2 und ISO 27001 Compliance' }, - { icon: FileSearch, title: 'Software-Risikoanalyse', desc: 'Automatisierte Risikoklassifizierung fuer Embedded-Entwicklung und AI-Act-konforme Systeme' }, - { icon: Code2, title: 'KI-Code-Assistent (1000b)', desc: 'Das Cloud-LLM unterstuetzt Entwickler bei Code-Reviews, Security-Fixes und Compliance-Dokumentation' }, + { icon: ShieldCheck, title: 'DevSecOps Security Suite', desc: '6 integrierte Security-Tools scannen Firmware und Software Ihrer Maschinen kontinuierlich auf Schwachstellen' }, + { icon: ScanLine, title: 'Firmware & Code Scanning', desc: 'Semgrep + Gitleaks analysieren Embedded-Code, Steuerungs-Software und CI/CD Pipelines automatisch' }, + { icon: Bug, title: 'Container & Dependency Scanning', desc: 'Trivy + Grype scannen Container-Images und Abhaengigkeiten auf CVEs — CRA-konform dokumentiert' }, + { icon: Package, title: 'SBOM-Generator (CRA/NIS2)', desc: 'CycloneDX/SPDX Software Bill of Materials — Pflicht fuer Hersteller unter dem Cyber Resilience Act' }, + { icon: FileSearch, title: 'Software-Risikoanalyse', desc: 'Automatisierte Risikoklassifizierung fuer Embedded-Software, Firmware und AI-Act-konforme Steuerungssysteme' }, + { icon: Code2, title: 'KI-Code-Assistent (1000b)', desc: 'BSI-zertifiziertes Cloud-LLM implementiert Security-Fixes, schreibt Risikoanalysen und ist fuer Mitarbeiter 
nutzbar' }, ], en: [ - { icon: ShieldCheck, title: 'DevSecOps Security Suite', desc: '6 integrated security tools for continuous security monitoring' }, - { icon: ScanLine, title: 'SAST & Secrets Detection', desc: 'Automatic code analysis (Semgrep) + secrets scanning (Gitleaks) in CI/CD pipeline' }, - { icon: Bug, title: 'Container & Dependency Scanning', desc: 'Trivy + Grype scan container images and dependencies for CVEs' }, - { icon: Package, title: 'SBOM Generator (NIS2 compliant)', desc: 'CycloneDX/SPDX Software Bill of Materials for NIS2 and ISO 27001 compliance' }, - { icon: FileSearch, title: 'Software Risk Analysis', desc: 'Automated risk classification for embedded development and AI Act compliant systems' }, - { icon: Code2, title: 'AI Code Assistant (1000b)', desc: 'Cloud LLM assists developers with code reviews, security fixes and compliance documentation' }, + { icon: ShieldCheck, title: 'DevSecOps Security Suite', desc: '6 integrated security tools continuously scan firmware and software of your machines for vulnerabilities' }, + { icon: ScanLine, title: 'Firmware & Code Scanning', desc: 'Semgrep + Gitleaks analyze embedded code, controller software and CI/CD pipelines automatically' }, + { icon: Bug, title: 'Container & Dependency Scanning', desc: 'Trivy + Grype scan container images and dependencies for CVEs — CRA-compliant documentation' }, + { icon: Package, title: 'SBOM Generator (CRA/NIS2)', desc: 'CycloneDX/SPDX Software Bill of Materials — mandatory for manufacturers under the Cyber Resilience Act' }, + { icon: FileSearch, title: 'Software Risk Assessment', desc: 'Automated risk classification for embedded software, firmware and AI Act compliant control systems' }, + { icon: Code2, title: 'AI Code Assistant (1000B)', desc: 'BSI-certified cloud LLM implements security fixes, writes risk assessments and is available for employee use' }, ], } 
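Review bot: The renamed 'Firmware & Code Scanning' entry (de and en) credits Semgrep and Gitleaks with firmware analysis, but both work on source code and repository contents rather than on compiled firmware images, so the title promises a capability the named tools do not provide. Either name the component that inspects firmware binaries or scope the text to source, e.g. `title: 'SAST & Secrets Detection (Embedded Source)'` with `desc: 'Semgrep + Gitleaks analyze embedded and controller source code in the CI/CD pipeline'`. The last entry is also inconsistent between languages: the de title keeps `(1000b)` while the en title now reads `(1000B)`.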
diff --git a/pitch-deck/components/slides/HowItWorksSlide.tsx b/pitch-deck/components/slides/HowItWorksSlide.tsx index 79173c7..2918ebd 100644 --- a/pitch-deck/components/slides/HowItWorksSlide.tsx +++ b/pitch-deck/components/slides/HowItWorksSlide.tsx @@ -3,7 +3,7 @@ import { motion } from 'framer-motion' import { Language } from '@/lib/types' import { t } from '@/lib/i18n' -import { Plug, Settings, RefreshCw, CheckCircle2 } from 'lucide-react' +import { Plug, GitBranch, RefreshCw, CheckCircle2 } from 'lucide-react' import GradientText from '../ui/GradientText' import FadeInView from '../ui/FadeInView' @@ -11,7 +11,7 @@ interface HowItWorksSlideProps { lang: Language } -const stepIcons = [Plug, Settings, RefreshCw, CheckCircle2] +const stepIcons = [Plug, GitBranch, RefreshCw, CheckCircle2] const stepColors = ['text-blue-400', 'text-indigo-400', 'text-purple-400', 'text-green-400'] export default function HowItWorksSlide({ lang }: HowItWorksSlideProps) { diff --git a/pitch-deck/components/slides/MarketSlide.tsx b/pitch-deck/components/slides/MarketSlide.tsx index db6be98..5ec6150 100644 --- a/pitch-deck/components/slides/MarketSlide.tsx +++ b/pitch-deck/components/slides/MarketSlide.tsx @@ -3,7 +3,7 @@ import { useState } from 'react' import { motion, AnimatePresence } from 'framer-motion' import { Language, PitchMarket } from '@/lib/types' -import { t } from '@/lib/i18n' +import { t, formatEur } from '@/lib/i18n' import { ExternalLink, X, TrendingUp } from 'lucide-react' import GradientText from '../ui/GradientText' import FadeInView from '../ui/FadeInView' 
@@ -26,29 +26,29 @@ interface MarketSourceInfo { const marketSources: Record = { TAM: [ { - name: 'Grand View Research — GRC Market Report', + name: 'Grand View Research — GRC Market Report + MarketsAndMarkets DevSecOps', url: 'https://www.grandviewresearch.com/industry-analysis/governance-risk-management-compliance-market', date: '2024', - excerpt_de: 'Der globale GRC-Software-Markt wurde 2023 auf rund 11,8 Mrd. USD bewertet und soll bis 2030 mit einer CAGR von 14,3% auf ca. 35 Mrd. USD wachsen. Compliance-Management ist das am schnellsten wachsende Segment.', - excerpt_en: 'The global GRC software market was valued at approximately USD 11.8B in 2023 and is projected to grow at a CAGR of 14.3% to reach ~USD 35B by 2030. Compliance management is the fastest-growing segment.', + excerpt_de: 'Der globale GRC-Software-Markt wurde 2023 auf rund 11,8 Mrd. USD bewertet. Zusammen mit dem DevSecOps-Markt fuer die Fertigungsindustrie (~3,5 Mrd. USD) ergibt sich ein kombinierter TAM von ca. 8,7 Mrd. EUR fuer Compliance & Code-Security im produzierenden Gewerbe.', + excerpt_en: 'The global GRC software market was valued at approximately USD 11.8B in 2023. Combined with the DevSecOps market for manufacturing (~USD 3.5B), the combined TAM for compliance & code security in manufacturing is approximately EUR 8.7B.', }, ], SAM: [ { - name: 'Statista / IDC — European Compliance Software', - url: 'https://www.statista.com/outlook/tmo/software/enterprise-software/compliance-software/europe', + name: 'VDMA / Statista / IDC — DACH Maschinenbau Compliance & Security', + url: 'https://www.vdma.org/statistics', date: '2024', - excerpt_de: 'Der europaeische Compliance-Software-Markt wird auf ca. 4,2 Mrd. EUR geschaetzt, wobei die DACH-Region (Deutschland, Oesterreich, Schweiz) mit rund 2,1 Mrd. EUR etwa die Haelfte ausmacht. Der Markt waechst mit 18% p.a. — getrieben durch DSGVO, NIS2 und den AI Act.', - excerpt_en: 'The European compliance software market is estimated at approx. 
EUR 4.2B, with the DACH region (Germany, Austria, Switzerland) accounting for roughly EUR 2.1B. The market is growing at 18% p.a. — driven by GDPR, NIS2, and the AI Act.', + excerpt_de: 'Die DACH-Region hat ca. 5.000 Maschinen- und Anlagenbauer mit eigener Softwareentwicklung. Der Compliance- und Security-Software-Markt fuer diese Branche wird auf ca. 850 Mio. EUR geschaetzt — getrieben durch CRA, NIS2, AI Act und steigende Anforderungen an Produktsoftware.', + excerpt_en: 'The DACH region has approx. 5,000 machine and plant manufacturers with in-house software development. The compliance and security software market for this industry is estimated at approx. EUR 850M — driven by CRA, NIS2, AI Act and increasing requirements for product software.', }, ], SOM: [ { - name: 'Eigene Analyse auf Basis von Destatis und KfW-Mittelstandspanel', - url: 'https://www.destatis.de/DE/Themen/Branchen-Unternehmen/Unternehmen/Kleine-Unternehmen-Mittlere-Unternehmen/_inhalt.html', + name: 'VDMA Mitgliederstatistik + eigene Analyse', + url: 'https://www.vdma.org/mitglieder', date: '2024-2025', - excerpt_de: 'In Deutschland gibt es ca. 3,5 Mio. KMU (Destatis). Davon sind geschaetzt 150.000-200.000 in regulierten Branchen (Gesundheit, Finanzen, Energie, KRITIS) mit erhoehtem Compliance-Bedarf. Bei einem durchschnittlichen Jahresumsatz von 900-1.200 EUR pro Kunde ergibt sich ein adressierbarer Markt von ca. 180 Mio. EUR fuer Self-Hosted-Compliance-Loesungen.', - excerpt_en: 'Germany has approx. 3.5M SMEs (Destatis). Of these, an estimated 150,000-200,000 operate in regulated industries (healthcare, finance, energy, critical infrastructure) with elevated compliance needs. At an average annual revenue of EUR 900-1,200 per customer, this yields an addressable market of approx. EUR 180M for self-hosted compliance solutions.', + excerpt_de: 'Im VDMA sind ca. 3.600 Unternehmen allein in Deutschland registriert, DACH-weit ca. 5.000. Die meisten haben Embedded-Softwareentwicklung im Haus. 
Bei einer realistischen Marktdurchdringung von 10% (~500 Unternehmen) und einem durchschnittlichen Jahresumsatz von ~14.400 EUR pro Kunde (Blended Avg. aus Mini/Studio/Cloud) ergibt sich ein SOM von ca. 7,2 Mio. EUR.', + excerpt_en: 'The VDMA has approx. 3,600 member companies in Germany alone, ~5,000 across DACH. Most have embedded software development in-house. At a realistic market penetration of 10% (~500 companies) and an average annual revenue of ~EUR 14,400 per customer (blended avg. of Mini/Studio/Cloud), the SOM is approx. EUR 7.2M.', }, ], } @@ -197,12 +197,28 @@ export default function MarketSlide({ lang, market }: MarketSlideProps) { {labels[idx]}
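Review bot: The TAM entry now names two publishers in `name`, but `url` still links only the Grand View Research report, so the ~USD 3.5B DevSecOps figure has no source a reader can open from the slide. Add the second report as its own element of the `TAM` array, e.g. `{ name: 'MarketsAndMarkets — DevSecOps', url: '<report URL>', date: '2024', excerpt_de: ..., excerpt_en: ... }`, rather than concatenating the names. The excerpt also goes from USD 11.8B plus USD 3.5B to a combined EUR 8.7B without stating the narrowing step; one sentence on how the manufacturing share was derived would make the number checkable.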
- + {m.value_eur >= 1_000_000_000 ? ( + + ) : m.value_eur >= 1_000_000 ? ( + + ) : ( + + )}
{m.growth_rate_pct > 0 && ( diff --git a/pitch-deck/components/slides/RegulatorySlide.tsx b/pitch-deck/components/slides/RegulatorySlide.tsx index 00388c4..e333169 100644 --- a/pitch-deck/components/slides/RegulatorySlide.tsx +++ b/pitch-deck/components/slides/RegulatorySlide.tsx @@ -6,13 +6,13 @@ import { t } from '@/lib/i18n' import GradientText from '../ui/GradientText' import FadeInView from '../ui/FadeInView' import GlassCard from '../ui/GlassCard' -import { Shield, Scale, Wifi, Calendar, AlertTriangle, CheckCircle2, Clock } from 'lucide-react' +import { Shield, Scale, Wifi, Lock, Calendar, AlertTriangle, CheckCircle2, Clock } from 'lucide-react' interface RegulatorySlideProps { lang: Language } -type RegTab = 'dsgvo' | 'aiact' | 'nis2' +type RegTab = 'dsgvo' | 'aiact' | 'cra' | 'nis2' export default function RegulatorySlide({ lang }: RegulatorySlideProps) { const i = t(lang) @@ -22,6 +22,7 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) { const tabs: { id: RegTab; label: string; icon: typeof Shield }[] = [ { id: 'dsgvo', label: de ? 'DSGVO / GDPR' : 'GDPR', icon: Shield }, { id: 'aiact', label: 'AI Act', icon: Scale }, + { id: 'cra', label: 'CRA', icon: Lock }, { id: 'nis2', label: 'NIS2', icon: Wifi }, ] 
@@ -122,6 +123,49 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) { 'Regulatory change monitoring', ], }, + cra: { + fullName: de ? 'Cyber Resilience Act (EU 2024/2847)' : 'Cyber Resilience Act (EU 2024/2847)', + status: de ? 'In Kraft seit Dez 2024' : 'In effect since Dec 2024', + statusColor: 'text-amber-400', + statusIcon: Clock, + deadline: de ? 'Sep 2026: Meldepflichten · Dez 2027: Vollstaendig anzuwenden' : 'Sep 2026: Reporting · Dec 2027: Fully applicable', + affectedCompanies: de ? 'Alle Hersteller von Produkten mit digitalen Elementen (Hardware & Software)' : 'All manufacturers of products with digital elements (hardware & software)', + keyRequirements: de + ? [ + 'Security by Design fuer alle Produkte mit Software', + 'Schwachstellen-Management ueber gesamten Produktlebenszyklus', + 'Software Bill of Materials (SBOM) fuer jedes Produkt', + 'Kostenlose Sicherheitsupdates fuer Kunden', + 'Meldepflicht bei aktiv ausgenutzten Schwachstellen (24h)', + 'Konformitaetsbewertung durch Drittstelle (fuer kritische Produkte)', + 'CE-Kennzeichnung fuer Cybersecurity-Compliance', + ] + : [ + 'Security by design for all products with software', + 'Vulnerability management across entire product lifecycle', + 'Software Bill of Materials (SBOM) for every product', + 'Free security updates for customers', + 'Reporting of actively exploited vulnerabilities (24h)', + 'Third-party conformity assessment (for critical products)', + 'CE marking for cybersecurity compliance', + ], + fines: de ? 'Bis zu 15 Mio. EUR oder 2,5% des weltweiten Jahresumsatzes' : 'Up to EUR 15M or 2.5% of global annual revenue', + howWeHelp: de + ? 
[ + 'Automatische SBOM-Generierung aus Code-Repositories', + 'Kontinuierliches Schwachstellen-Scanning (Trivy, Grype)', + 'Security-Fixes durch 1000B Cloud-LLM implementiert', + 'CRA-konforme Dokumentation und Audit-Trail', + 'Risikoanalysen fuer Embedded-Software und Firmware', + ] + : [ + 'Automatic SBOM generation from code repositories', + 'Continuous vulnerability scanning (Trivy, Grype)', + 'Security fixes implemented by 1000B cloud LLM', + 'CRA-compliant documentation and audit trail', + 'Risk assessments for embedded software and firmware', + ], + }, nis2: { fullName: de ? 'NIS-2-Richtlinie (EU 2022/2555)' : 'NIS2 Directive (EU 2022/2555)', status: de ? 'Umsetzung in nationales Recht laeuft' : 'National transposition in progress', diff --git a/pitch-deck/components/slides/SolutionSlide.tsx b/pitch-deck/components/slides/SolutionSlide.tsx index 7374deb..b0b8f4b 100644 --- a/pitch-deck/components/slides/SolutionSlide.tsx +++ b/pitch-deck/components/slides/SolutionSlide.tsx @@ -3,7 +3,7 @@ import { motion } from 'framer-motion' import { Language } from '@/lib/types' import { t } from '@/lib/i18n' -import { Server, ShieldCheck, Bot } from 'lucide-react' +import { Server, ScanLine, Bot } from 'lucide-react' import GlassCard from '../ui/GlassCard' import GradientText from '../ui/GradientText' import FadeInView from '../ui/FadeInView' @@ -13,7 +13,7 @@ interface SolutionSlideProps { lang: Language } -const icons = [Server, ShieldCheck, Bot] +const icons = [Server, ScanLine, Bot] const colors = ['from-blue-500 to-cyan-500', 'from-indigo-500 to-purple-500', 'from-purple-500 to-pink-500'] export default function SolutionSlide({ lang }: SolutionSlideProps) { @@ -26,7 +26,7 @@ export default function SolutionSlide({ lang }: SolutionSlideProps) { {i.solution.title}
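Review bot: The requirement line `'Reporting of actively exploited vulnerabilities (24h)'` and its de twin compress the CRA reporting duty to a single deadline; as I read the regulation, 24 hours is the early-warning step, followed by a fuller notification and a final report, so the slide understates what a manufacturer has to deliver. Suggested wording: `'Reporting of actively exploited vulnerabilities (early warning within 24h, follow-up reports after)'` and `'Meldepflicht bei aktiv ausgenutzten Schwachstellen (Fruehwarnung binnen 24h, Folgemeldungen danach)'`. Separately, `fullName` uses `de ? ... : ...` with two identical strings and can be the plain literal `'Cyber Resilience Act (EU 2024/2847)'`. The enclosing regulation map starts and ends outside this hunk.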

- — {lang === 'de' ? 'Compliance auf Autopilot' : 'Compliance on Autopilot'} + {i.solution.subtitle}

diff --git a/pitch-deck/lib/i18n.ts b/pitch-deck/lib/i18n.ts index c565371..e11ab93 100644 --- a/pitch-deck/lib/i18n.ts +++ b/pitch-deck/lib/i18n.ts 
@@ -27,49 +27,49 @@ const translations = { 'Anhang: Regulatorik', ], cover: { - tagline: 'Datensouveraenitaet meets KI-Compliance', + tagline: 'Compliance & Code-Security fuer den Maschinenbau', subtitle: 'Pre-Seed · Q4 2026', cta: 'Pitch starten', }, problem: { title: 'Das Problem', - subtitle: 'Compliance-Komplexitaet ueberfordert den Mittelstand', + subtitle: 'Maschinenbauer entwickeln Software — aber wer sichert Compliance und Code-Sicherheit?', cards: [ { title: 'DSGVO', stat: '4.1 Mrd EUR', - desc: 'Bussgelder seit 2018 in der EU. 83% der KMUs sind nicht vollstaendig konform.', + desc: 'Bussgelder seit 2018. Maschinenbauer verarbeiten Kundendaten, Telemetrie und Wartungsprotokolle — oft ohne DSGVO-Prozesse.', }, { title: 'AI Act', stat: 'Aug 2025', - desc: 'Neue EU-Verordnung tritt in Kraft. Unternehmen muessen KI-Systeme klassifizieren und dokumentieren.', + desc: 'Maschinen mit KI-Komponenten muessen klassifiziert werden. Embedded KI in Steuerungen und Predictive Maintenance erfordert Dokumentation.', }, { - title: 'NIS2', + title: 'CRA & NIS2', stat: '30.000+', - desc: 'Unternehmen in Deutschland neu betroffen. Cybersecurity-Anforderungen steigen massiv.', + desc: 'Der Cyber Resilience Act verpflichtet Hersteller, Software in ihren Produkten abzusichern. NIS2 erweitert die Cybersecurity-Pflichten auf den Maschinenbau.', }, ], - quote: 'Unternehmen brauchen keine weiteren Compliance-Tools — sie brauchen eine KI, die Compliance fuer sie erledigt.', + quote: 'Maschinenbauer brauchen keine Compliance-Berater — sie brauchen eine KI, die ihren Code scannt, Risiken bewertet und Compliance dokumentiert.', }, solution: { title: 'Die Loesung', - subtitle: 'ComplAI — Compliance auf Autopilot', + subtitle: 'ComplAI — Compliance & Code-Security auf Autopilot', pillars: [ { - title: 'Self-Hosted', - desc: 'Eigene Hardware im Serverraum. Kein Byte verlaesst das Unternehmen. 
Volle Datensouveraenitaet.', + title: 'Self-Hosted Vorarbeit', + desc: 'Mac Mini oder Mac Studio im Serverraum scannt Code, analysiert Repositories und erstellt Compliance-Dokumente. Kein Byte verlaesst das Unternehmen.', icon: 'server', }, { - title: 'Auto-Compliance', - desc: 'KI erledigt DSGVO, AI Act und NIS2 automatisch. Dokumentation, Audits und Updates — alles KI-gesteuert.', - icon: 'shield', + title: 'Code-Security & DevSecOps', + desc: 'Scannt Firmware und Software mit integrierten DevSecOps-Tools (Trivy, Semgrep, Gitleaks). Das 1000B Cloud-LLM implementiert Fixes und schreibt Risikoanalysen.', + icon: 'scan', }, { - title: 'KI-Assistent', - desc: 'Vollautonomer Kundensupport. Beantwortet Fragen, aendert Dokumente, bereitet Audits vor — 24/7.', + title: 'Compliance-KI', + desc: 'Macht Ihr Unternehmen UND Ihre Produkte compliant. DSGVO, AI Act, CRA und NIS2 — automatisiert. BSI-zertifiziertes 1000B LLM in Deutschland gehostet.', icon: 'bot', }, ], 
@@ -85,29 +85,29 @@ const translations = { }, howItWorks: { title: 'So funktioniert\'s', - subtitle: 'In 4 Schritten zur vollstaendigen Compliance', + subtitle: 'In 4 Schritten zu Compliance & Code-Security', steps: [ { title: 'Hardware aufstellen', - desc: 'Mac Mini oder Mac Studio im Serverraum anschliessen. Plug & Play — keine Cloud noetig.', + desc: 'Mac Mini oder Mac Studio im Serverraum anschliessen. Plug & Play — scannt ab Tag 1 Ihre Repositories.', }, { - title: 'KI konfigurieren', - desc: 'Branche, Groesse und Regularien angeben. Die KI erstellt automatisch alle Compliance-Dokumente.', + title: 'Code-Repos verbinden', + desc: 'Git-Repos, CI/CD Pipelines und Firmware-Projekte anbinden. Die lokale KI scannt automatisch auf Schwachstellen und Compliance-Luecken.', }, { - title: 'Compliance automatisieren', - desc: 'Laufende Ueberwachung, automatische Updates bei Rechtsaenderungen und Audit-Vorbereitung.', + title: 'Compliance & Security automatisieren', + desc: 'Laufende Code-Analyse und Risikoanalysen bei jeder Aenderung. Bei kritischen Fixes schaltet sich das 1000B Cloud-LLM zu und implementiert Verbesserungen.', }, { title: 'Audit bestehen', - desc: 'Vollstaendige Dokumentation auf Knopfdruck. Behoerdenanfragen werden KI-gestuetzt beantwortet.', + desc: 'Vollstaendige Dokumentation fuer DSGVO, AI Act, CRA und NIS2 auf Knopfdruck. Risikobeurteilungen fuer Ihre Software inklusive.', }, ], }, market: { title: 'Marktchance', - subtitle: 'Der Compliance-Markt waechst zweistellig', + subtitle: 'Der Maschinenbau braucht Compliance & Code-Security', tam: 'TAM', sam: 'SAM', som: 'SOM', 
@@ -188,10 +188,10 @@ const translations = { send: 'Senden', thinking: 'Denke nach...', suggestions: [ - 'Wie skaliert das Geschaeftsmodell?', - 'Was ist der unfaire Vorteil?', - 'Wie sieht die Exit-Strategie aus?', - 'Warum Self-Hosting statt Cloud?', + 'Wie funktioniert die Code-Security fuer Firmware?', + 'Warum koennen Proliance und DataGuard das nicht?', + 'Was kostet die Loesung fuer einen Maschinenbauer?', + 'Wie sieht die Risikoanalyse fuer unsere Software aus?', ], }, annex: { @@ -209,7 +209,7 @@ const translations = { }, regulatory: { title: 'Regulatorische Details', - subtitle: 'Die drei Saeulen der EU-Compliance', + subtitle: 'Die vier Saeulen der EU-Compliance fuer Maschinenbauer', }, engineering: { title: 'Engineering Deep Dive', 
@@ -247,49 +247,49 @@ const translations = { 'Appendix: Regulatory', ], cover: { - tagline: 'Data Sovereignty meets AI Compliance', + tagline: 'Compliance & Code Security for Machine Manufacturers', subtitle: 'Pre-Seed · Q4 2026', cta: 'Start Pitch', }, problem: { title: 'The Problem', - subtitle: 'Compliance complexity overwhelms SMEs', + subtitle: 'Machine manufacturers develop software — but who ensures compliance and code security?', cards: [ { title: 'GDPR', stat: 'EUR 4.1B', - desc: 'in fines since 2018 across the EU. 83% of SMEs are not fully compliant.', + desc: 'in fines since 2018. Machine manufacturers process customer data, telemetry and maintenance logs — often without GDPR processes.', }, { title: 'AI Act', stat: 'Aug 2025', - desc: 'New EU regulation takes effect. Companies must classify and document AI systems.', + desc: 'Machines with AI components must be classified. Embedded AI in controllers and predictive maintenance requires documentation.', }, { - title: 'NIS2', + title: 'CRA & NIS2', stat: '30,000+', - desc: 'companies newly affected in Germany. Cybersecurity requirements increase massively.', + desc: 'The Cyber Resilience Act obligates manufacturers to secure software in their products. NIS2 extends cybersecurity obligations to machine manufacturing.', }, ], - quote: 'Companies don\'t need more compliance tools — they need an AI that handles compliance for them.', + quote: 'Machine manufacturers don\'t need compliance consultants — they need an AI that scans their code, assesses risks and documents compliance.', }, solution: { title: 'The Solution', - subtitle: 'ComplAI — Compliance on Autopilot', + subtitle: 'ComplAI — Compliance & Code Security on Autopilot', pillars: [ { - title: 'Self-Hosted', - desc: 'Own hardware in your server room. No data leaves the company. 
Full data sovereignty.', + title: 'Self-Hosted Preprocessing', + desc: 'Mac Mini or Mac Studio in your server room scans code, analyzes repositories and creates compliance documents. No data leaves the company.', icon: 'server', }, { - title: 'Auto-Compliance', - desc: 'AI handles GDPR, AI Act and NIS2 automatically. Documentation, audits and updates — all AI-powered.', - icon: 'shield', + title: 'Code Security & DevSecOps', + desc: 'Scans firmware and software with integrated DevSecOps tools (Trivy, Semgrep, Gitleaks). The 1000B cloud LLM implements fixes and writes risk assessments.', + icon: 'scan', }, { - title: 'AI Assistant', - desc: 'Fully autonomous customer support. Answers questions, modifies documents, prepares audits — 24/7.', + title: 'Compliance AI', + desc: 'Makes your company AND your products compliant. GDPR, AI Act, CRA and NIS2 — automated. BSI-certified 1000B LLM hosted in Germany.', icon: 'bot', }, ], 
@@ -305,29 +305,29 @@ const translations = { }, howItWorks: { title: 'How It Works', - subtitle: 'Full compliance in 4 steps', + subtitle: 'Compliance & code security in 4 steps', steps: [ { title: 'Set Up Hardware', - desc: 'Connect Mac Mini or Mac Studio in your server room. Plug & Play — no cloud needed.', + desc: 'Connect Mac Mini or Mac Studio in your server room. Plug & Play — scans your repositories from day one.', }, { - title: 'Configure AI', - desc: 'Specify industry, size, and regulations. The AI automatically creates all compliance documents.', + title: 'Connect Code Repos', + desc: 'Connect Git repos, CI/CD pipelines and firmware projects. The local AI automatically scans for vulnerabilities and compliance gaps.', }, { - title: 'Automate Compliance', - desc: 'Continuous monitoring, automatic updates for regulatory changes and audit preparation.', + title: 'Automate Compliance & Security', + desc: 'Continuous code analysis and risk assessments on every change. For critical fixes, the 1000B cloud LLM steps in and implements improvements.', }, { title: 'Pass Audits', - desc: 'Complete documentation at the push of a button. Authority inquiries answered AI-powered.', + desc: 'Complete documentation for GDPR, AI Act, CRA and NIS2 at the push of a button. Risk assessments for your software included.', }, ], }, market: { title: 'Market Opportunity', - subtitle: 'The compliance market grows double-digit', + subtitle: 'Machine manufacturing needs compliance & code security', tam: 'TAM', sam: 'SAM', som: 'SOM', 
@@ -408,10 +408,10 @@ const translations = { send: 'Send', thinking: 'Thinking...', suggestions: [ - 'How does the business model scale?', - 'What is the unfair advantage?', - 'What does the exit strategy look like?', - 'Why self-hosting instead of cloud?', + 'How does code security work for firmware?', + 'Why can\'t Proliance and DataGuard do this?', + 'What does the solution cost for a machine manufacturer?', + 'What does the risk assessment for our software look like?', ], }, annex: { @@ -429,7 +429,7 @@ const translations = { }, regulatory: { title: 'Regulatory Details', - subtitle: 'The three pillars of EU compliance', + subtitle: 'The four pillars of EU compliance for machine manufacturers', }, engineering: { title: 'Engineering Deep Dive', diff --git a/update_pitch_deck_maschinenbau.sql b/update_pitch_deck_maschinenbau.sql new file mode 100644 index 0000000..62d2988 --- /dev/null +++ b/update_pitch_deck_maschinenbau.sql 
@@ -0,0 +1,86 @@ +-- Migration: Pivot Pitch Deck to Maschinen- und Anlagenbau +-- Date: 2026-02-17 + +BEGIN; + +-- 1. Company tagline/mission +UPDATE pitch_company SET + tagline_de = 'Compliance & Code-Security fuer den Maschinenbau', + tagline_en = 'Compliance & Code Security for Machine Manufacturers', + mission_de = 'Wir machen Maschinenbauer compliant — nicht nur organisatorisch, sondern auch fuer ihre eigene Software. Unser BSI-zertifiziertes 1000B LLM scannt Code, bewertet Risiken und dokumentiert Compliance automatisch.', + mission_en = 'We make machine manufacturers compliant — not just organizationally, but also for their own software. Our BSI-certified 1000B LLM scans code, assesses risks and documents compliance automatically.' +WHERE id = 1; + +-- 2. Market: TAM/SAM/SOM +UPDATE pitch_market SET + label = 'Global Compliance & DevSecOps Software (Manufacturing)', + value_eur = 8700000000, + growth_rate_pct = 16.2, + source = 'Grand View Research + MarketsAndMarkets 2024' +WHERE market_segment = 'TAM'; + +UPDATE pitch_market SET + label = 'DACH Maschinenbau Compliance & Security', + value_eur = 850000000, + growth_rate_pct = 19.5, + source = 'VDMA / Statista / IDC 2024' +WHERE market_segment = 'SAM'; + +UPDATE pitch_market SET + label = 'DACH Maschinenbauer mit Eigenentwicklung (10% VDMA)', + value_eur = 7200000, + growth_rate_pct = 25.0, + source = 'VDMA (5.000 DACH) x 10% x 14.400 EUR/Jahr' +WHERE market_segment = 'SOM'; + +-- 3. 
Features: Add differentiator rows +INSERT INTO pitch_features (feature_name_de, feature_name_en, category, breakpilot, proliance, dataguard, heydata, is_differentiator, sort_order) VALUES +('Firmware/Code-Scanning', 'Firmware/Code Scanning', 'security', true, false, false, false, true, 15), +('Software-Risikoanalyse (CRA)', 'Software Risk Assessment (CRA)', 'security', true, false, false, false, true, 16), +('DevSecOps Pipeline Integration', 'DevSecOps Pipeline Integration', 'security', true, false, false, false, true, 17), +('Cyber Resilience Act Compliance', 'Cyber Resilience Act Compliance', 'compliance', true, false, false, false, true, 18) +ON CONFLICT DO NOTHING; + +-- 4. Competitors: Update weaknesses +UPDATE pitch_competitors SET + weaknesses = '["Nur Cloud", "Keine eigene KI", "Kein Code-Scanning", "Keine Firmware-Analyse", "Kein Self-Hosting"]' +WHERE name = 'Proliance 360'; + +UPDATE pitch_competitors SET + weaknesses = '["Teuer", "Cloud-only", "Keine Code-Security", "Keine Firmware-Compliance", "Lock-in Effekt"]' +WHERE name = 'DataGuard'; + +UPDATE pitch_competitors SET + weaknesses = '["Begrenzte Features", "Keine KI", "Kein Code-Scanning", "Nur Cloud", "Kein Enterprise"]' +WHERE name = 'heyData'; + +-- 5. Products: Update capabilities for Maschinenbau +UPDATE pitch_products SET + llm_capability_de = 'Lokale Code-Analyse, Compliance-Dokumente, Basis-Schwachstellenscan. Vorarbeit fuer das Cloud-LLM.', + llm_capability_en = 'Local code analysis, compliance documents, basic vulnerability scan. Preprocessing for cloud LLM.', + features_de = '["DSGVO-Compliance", "AI Act Dokumentation", "Basis-Code-Scanning", "E-Mail-Support"]', + features_en = '["GDPR Compliance", "AI Act Documentation", "Basic Code Scanning", "Email Support"]' +WHERE name = 'ComplAI Mini'; + +UPDATE pitch_products SET + llm_capability_de = 'Erweiterte Code-Analyse, Firmware-Scanning, Multi-Repository-Verarbeitung. 
Lokale Vorarbeit + Cloud-LLM fuer Fixes.', + llm_capability_en = 'Advanced code analysis, firmware scanning, multi-repository processing. Local preprocessing + cloud LLM for fixes.', + features_de = '["Alles aus Mini", "Firmware-Scanning", "DevSecOps Integration", "Priority Support", "CRA-Dokumentation"]', + features_en = '["Everything in Mini", "Firmware Scanning", "DevSecOps Integration", "Priority Support", "CRA Documentation"]' +WHERE name = 'ComplAI Studio'; + +UPDATE pitch_products SET + llm_capability_de = 'BSI-zertifiziertes 1000B Cloud-LLM: scannt, behebt und dokumentiert Schwachstellen in Firmware und Software automatisch. Fuer alle Mitarbeiter nutzbar.', + llm_capability_en = 'BSI-certified 1000B cloud LLM: scans, fixes and documents vulnerabilities in firmware and software automatically. Available for all employees.', + features_de = '["Alles aus Studio", "Vollautonome Code-Security", "Risikoanalysen fuer Eigenentwicklungen", "24/7 Verfuegbarkeit", "SLA 99.9%", "Dedicated Account Manager"]', + features_en = '["Everything in Studio", "Fully Autonomous Code Security", "Risk Assessments for In-House Development", "24/7 Availability", "SLA 99.9%", "Dedicated Account Manager"]' +WHERE name = 'ComplAI Cloud'; + +-- 6. Financials: Adjust customer projections (max ~380 by 2030) +UPDATE pitch_financials SET customers_count = 5, revenue_eur = 72000, mrr_eur = 6000, arr_eur = 72000 WHERE year = 2026; +UPDATE pitch_financials SET customers_count = 30, revenue_eur = 430000, mrr_eur = 36000, arr_eur = 432000 WHERE year = 2027; +UPDATE pitch_financials SET customers_count = 100, revenue_eur = 1400000, mrr_eur = 120000, arr_eur = 1440000 WHERE year = 2028; +UPDATE pitch_financials SET customers_count = 220, revenue_eur = 3200000, mrr_eur = 264000, arr_eur = 3168000 WHERE year = 2029; +UPDATE pitch_financials SET customers_count = 380, revenue_eur = 5500000, mrr_eur = 456000, arr_eur = 5472000 WHERE year = 2030; + +COMMIT;
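Review bot: The feature INSERT ends in `ON CONFLICT DO NOTHING` without a conflict target and supplies no key column, so unless pitch_features has a unique constraint on one of the inserted columns (the schema is not visible here) a second run adds the four rows again. Name the key explicitly, e.g. `ON CONFLICT (feature_name_en) DO NOTHING` backed by a unique index, or guard the insert with `WHERE NOT EXISTS`. The UPDATEs keyed on literal names (`'Proliance 360'`, `'ComplAI Mini'`, ...) and on `id = 1` succeed silently when they match no row; a row-count check before `COMMIT` would catch a renamed product or competitor. The financial rows also mix rounded and derived values (2027: `revenue_eur = 430000` vs `arr_eur = 432000`), which deserves a comment if it is intended.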