Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(pitch-deck): pivot to Maschinen- und Anlagenbau target market
All checks were successful
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-consent (push) Successful in 33s
Details
CI / test-python-voice (push) Successful in 33s
Details
CI / test-bqas (push) Successful in 33s
Details

Browse Source 
Refocus entire pitch deck narrative on machine/plant manufacturers with
in-house embedded software development. Key changes:

- i18n: All DE/EN texts updated (cover, problem, solution, market, etc.)
- MarketSlide: Dynamic unit formatting (Mrd/Mio/k) for SOM in millions
- SolutionSlide: Code-Security pillar with ScanLine icon
- HowItWorksSlide: GitBranch icon for code repo connection step
- CompetitionSlide: Security features reframed for firmware/embedded
- RegulatorySlide: Added CRA (Cyber Resilience Act) as 4th tab
- AI chat prompt: Updated Kernbotschaften for Maschinenbau USP
- DB migration: TAM 8.7B, SAM 850M, SOM 7.2M, customers 5-380 (2026-2030),
  4 new differentiator features, product capabilities for code-security

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Benjamin Boenisch
2026-02-17 21:42:29 +01:00
parent b7d21daa24
commit e87ec2520d
8 changed files with 245 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
pitch-deck/app/api/chat/route.ts
View File

@@ -18,11 +18,12 @@ Du hast Zugriff auf alle Unternehmensdaten und zitierst immer konkrete Zahlen.
- **Zweisprachig**: Antworte in der Sprache, in der die Frage gestellt wird - **Zweisprachig**: Antworte in der Sprache, in der die Frage gestellt wird
## Kernbotschaften (IMMER betonen wenn passend) ## Kernbotschaften (IMMER betonen wenn passend)
1. AI-First: "Alles was durch KI loesbar ist, wird durch KI geloest. Kein klassischer Support, kein grosses Sales-Team." 1. Zielmarkt: "Maschinen- und Anlagenbauer (VDMA ~3.600 Mitglieder in DE, ~5.000 DACH) die eigene Software/Firmware entwickeln."
2. Skalierbarkeit: "10x Kunden ≠ 10x Personal. Die KI skaliert mit." 2. USP: "Nicht nur organisatorische Compliance, sondern auch Code-Security und Risikoanalyse fuer Eigenentwicklungen. Das koennen Proliance, DataGuard und heyData NICHT."
3. Hardware-Differenzierung: "Datensouveraenitaet durch Self-Hosting auf Apple-Hardware." 3. Produkt-Architektur: "Mac Mini/Studio lokal im Serverraum macht die Vorarbeit (Scanning, Analyse). Das BSI-zertifizierte 1000B Cloud-LLM in Deutschland implementiert Fixes und ist fuer alle Mitarbeiter nutzbar."
4. Kostenstruktur: "18 Mitarbeiter in 2030 bei 8.4 Mio EUR Umsatz." 4. Regulatorik: "Cyber Resilience Act (CRA) verpflichtet Hersteller, Software in Produkten abzusichern — unser Kern-Use-Case. Plus DSGVO, AI Act und NIS2."
5. Marktchance: "12.4 Mrd EUR TAM, regulatorisch getrieben." 5. Skalierbarkeit: "AI-First — 10x Kunden ≠ 10x Personal. 380 Kunden in 2030 bei 5.5 Mio EUR Umsatz."
6. Marktchance: "8.7 Mrd EUR TAM, SOM 7.2 Mio EUR (500 DACH-Maschinenbauer x 14.400 EUR/Jahr)."
## Kommunikationsstil ## Kommunikationsstil
- Professionell, knapp und ueberzeugend - Professionell, knapp und ueberzeugend

24
pitch-deck/components/slides/CompetitionSlide.tsx
View File

@@ -17,20 +17,20 @@ interface CompetitionSlideProps {
const securityFeatures = { const securityFeatures = {
de: [ de: [
{ icon: ShieldCheck, title: 'DevSecOps Security Suite', desc: '6 integrierte Security-Tools fuer kontinuierliche Sicherheitsueberwachung' }, { icon: ShieldCheck, title: 'DevSecOps Security Suite', desc: '6 integrierte Security-Tools scannen Firmware und Software Ihrer Maschinen kontinuierlich auf Schwachstellen' },
{ icon: ScanLine, title: 'SAST & Secrets Detection', desc: 'Automatische Code-Analyse (Semgrep) + Secrets-Scanning (Gitleaks) in der CI/CD Pipeline' }, { icon: ScanLine, title: 'Firmware & Code Scanning', desc: 'Semgrep + Gitleaks analysieren Embedded-Code, Steuerungs-Software und CI/CD Pipelines automatisch' },
{ icon: Bug, title: 'Container & Dependency Scanning', desc: 'Trivy + Grype scannen Container-Images und Abhaengigkeiten auf CVEs' }, { icon: Bug, title: 'Container & Dependency Scanning', desc: 'Trivy + Grype scannen Container-Images und Abhaengigkeiten auf CVEs — CRA-konform dokumentiert' },
{ icon: Package, title: 'SBOM-Generator (NIS2-konform)', desc: 'CycloneDX/SPDX Software Bill of Materials fuer NIS2 und ISO 27001 Compliance' }, { icon: Package, title: 'SBOM-Generator (CRA/NIS2)', desc: 'CycloneDX/SPDX Software Bill of Materials — Pflicht fuer Hersteller unter dem Cyber Resilience Act' },
{ icon: FileSearch, title: 'Software-Risikoanalyse', desc: 'Automatisierte Risikoklassifizierung fuer Embedded-Entwicklung und AI-Act-konforme Systeme' }, { icon: FileSearch, title: 'Software-Risikoanalyse', desc: 'Automatisierte Risikoklassifizierung fuer Embedded-Software, Firmware und AI-Act-konforme Steuerungssysteme' },
{ icon: Code2, title: 'KI-Code-Assistent (1000b)', desc: 'Das Cloud-LLM unterstuetzt Entwickler bei Code-Reviews, Security-Fixes und Compliance-Dokumentation' }, { icon: Code2, title: 'KI-Code-Assistent (1000b)', desc: 'BSI-zertifiziertes Cloud-LLM implementiert Security-Fixes, schreibt Risikoanalysen und ist fuer Mitarbeiter nutzbar' },
], ],
en: [ en: [
{ icon: ShieldCheck, title: 'DevSecOps Security Suite', desc: '6 integrated security tools for continuous security monitoring' }, { icon: ShieldCheck, title: 'DevSecOps Security Suite', desc: '6 integrated security tools continuously scan firmware and software of your machines for vulnerabilities' },
{ icon: ScanLine, title: 'SAST & Secrets Detection', desc: 'Automatic code analysis (Semgrep) + secrets scanning (Gitleaks) in CI/CD pipeline' }, { icon: ScanLine, title: 'Firmware & Code Scanning', desc: 'Semgrep + Gitleaks analyze embedded code, controller software and CI/CD pipelines automatically' },
{ icon: Bug, title: 'Container & Dependency Scanning', desc: 'Trivy + Grype scan container images and dependencies for CVEs' }, { icon: Bug, title: 'Container & Dependency Scanning', desc: 'Trivy + Grype scan container images and dependencies for CVEs — CRA-compliant documentation' },
{ icon: Package, title: 'SBOM Generator (NIS2 compliant)', desc: 'CycloneDX/SPDX Software Bill of Materials for NIS2 and ISO 27001 compliance' }, { icon: Package, title: 'SBOM Generator (CRA/NIS2)', desc: 'CycloneDX/SPDX Software Bill of Materials — mandatory for manufacturers under the Cyber Resilience Act' },
{ icon: FileSearch, title: 'Software Risk Analysis', desc: 'Automated risk classification for embedded development and AI Act compliant systems' }, { icon: FileSearch, title: 'Software Risk Assessment', desc: 'Automated risk classification for embedded software, firmware and AI Act compliant control systems' },
{ icon: Code2, title: 'AI Code Assistant (1000b)', desc: 'Cloud LLM assists developers with code reviews, security fixes and compliance documentation' }, { icon: Code2, title: 'AI Code Assistant (1000B)', desc: 'BSI-certified cloud LLM implements security fixes, writes risk assessments and is available for employee use' },
], ],
} }

4
pitch-deck/components/slides/HowItWorksSlide.tsx
View File

@@ -3,7 +3,7 @@
import { motion } from 'framer-motion' import { motion } from 'framer-motion'
import { Language } from '@/lib/types' import { Language } from '@/lib/types'
import { t } from '@/lib/i18n' import { t } from '@/lib/i18n'
import { Plug, Settings, RefreshCw, CheckCircle2 } from 'lucide-react' import { Plug, GitBranch, RefreshCw, CheckCircle2 } from 'lucide-react'
import GradientText from '../ui/GradientText' import GradientText from '../ui/GradientText'
import FadeInView from '../ui/FadeInView' import FadeInView from '../ui/FadeInView'
@@ -11,7 +11,7 @@ interface HowItWorksSlideProps {
lang: Language lang: Language
} }
const stepIcons = [Plug, Settings, RefreshCw, CheckCircle2] const stepIcons = [Plug, GitBranch, RefreshCw, CheckCircle2]
const stepColors = ['text-blue-400', 'text-indigo-400', 'text-purple-400', 'text-green-400'] const stepColors = ['text-blue-400', 'text-indigo-400', 'text-purple-400', 'text-green-400']
export default function HowItWorksSlide({ lang }: HowItWorksSlideProps) { export default function HowItWorksSlide({ lang }: HowItWorksSlideProps) {

52
pitch-deck/components/slides/MarketSlide.tsx
View File

@@ -3,7 +3,7 @@
import { useState } from 'react' import { useState } from 'react'
import { motion, AnimatePresence } from 'framer-motion' import { motion, AnimatePresence } from 'framer-motion'
import { Language, PitchMarket } from '@/lib/types' import { Language, PitchMarket } from '@/lib/types'
import { t } from '@/lib/i18n' import { t, formatEur } from '@/lib/i18n'
import { ExternalLink, X, TrendingUp } from 'lucide-react' import { ExternalLink, X, TrendingUp } from 'lucide-react'
import GradientText from '../ui/GradientText' import GradientText from '../ui/GradientText'
import FadeInView from '../ui/FadeInView' import FadeInView from '../ui/FadeInView'
@@ -26,29 +26,29 @@ interface MarketSourceInfo {
const marketSources: Record<string, MarketSourceInfo[]> = { const marketSources: Record<string, MarketSourceInfo[]> = {
TAM: [ TAM: [
{ {
name: 'Grand View Research — GRC Market Report', name: 'Grand View Research — GRC Market Report + MarketsAndMarkets DevSecOps',
url: 'https://www.grandviewresearch.com/industry-analysis/governance-risk-management-compliance-market', url: 'https://www.grandviewresearch.com/industry-analysis/governance-risk-management-compliance-market',
date: '2024', date: '2024',
excerpt_de: 'Der globale GRC-Software-Markt wurde 2023 auf rund 11,8 Mrd. USD bewertet und soll bis 2030 mit einer CAGR von 14,3% auf ca. 35 Mrd. USD wachsen. Compliance-Management ist das am schnellsten wachsende Segment.', excerpt_de: 'Der globale GRC-Software-Markt wurde 2023 auf rund 11,8 Mrd. USD bewertet. Zusammen mit dem DevSecOps-Markt fuer die Fertigungsindustrie (~3,5 Mrd. USD) ergibt sich ein kombinierter TAM von ca. 8,7 Mrd. EUR fuer Compliance & Code-Security im produzierenden Gewerbe.',
excerpt_en: 'The global GRC software market was valued at approximately USD 11.8B in 2023 and is projected to grow at a CAGR of 14.3% to reach ~USD 35B by 2030. Compliance management is the fastest-growing segment.', excerpt_en: 'The global GRC software market was valued at approximately USD 11.8B in 2023. Combined with the DevSecOps market for manufacturing (~USD 3.5B), the combined TAM for compliance & code security in manufacturing is approximately EUR 8.7B.',
}, },
], ],
SAM: [ SAM: [
{ {
name: 'Statista / IDC — European Compliance Software', name: 'VDMA / Statista / IDC — DACH Maschinenbau Compliance & Security',
url: 'https://www.statista.com/outlook/tmo/software/enterprise-software/compliance-software/europe', url: 'https://www.vdma.org/statistics',
date: '2024', date: '2024',
excerpt_de: 'Der europaeische Compliance-Software-Markt wird auf ca. 4,2 Mrd. EUR geschaetzt, wobei die DACH-Region (Deutschland, Oesterreich, Schweiz) mit rund 2,1 Mrd. EUR etwa die Haelfte ausmacht. Der Markt waechst mit 18% p.a. — getrieben durch DSGVO, NIS2 und den AI Act.', excerpt_de: 'Die DACH-Region hat ca. 5.000 Maschinen- und Anlagenbauer mit eigener Softwareentwicklung. Der Compliance- und Security-Software-Markt fuer diese Branche wird auf ca. 850 Mio. EUR geschaetzt — getrieben durch CRA, NIS2, AI Act und steigende Anforderungen an Produktsoftware.',
excerpt_en: 'The European compliance software market is estimated at approx. EUR 4.2B, with the DACH region (Germany, Austria, Switzerland) accounting for roughly EUR 2.1B. The market is growing at 18% p.a. — driven by GDPR, NIS2, and the AI Act.', excerpt_en: 'The DACH region has approx. 5,000 machine and plant manufacturers with in-house software development. The compliance and security software market for this industry is estimated at approx. EUR 850M — driven by CRA, NIS2, AI Act and increasing requirements for product software.',
}, },
], ],
SOM: [ SOM: [
{ {
name: 'Eigene Analyse auf Basis von Destatis und KfW-Mittelstandspanel', name: 'VDMA Mitgliederstatistik + eigene Analyse',
url: 'https://www.destatis.de/DE/Themen/Branchen-Unternehmen/Unternehmen/Kleine-Unternehmen-Mittlere-Unternehmen/_inhalt.html', url: 'https://www.vdma.org/mitglieder',
date: '2024-2025', date: '2024-2025',
excerpt_de: 'In Deutschland gibt es ca. 3,5 Mio. KMU (Destatis). Davon sind geschaetzt 150.000-200.000 in regulierten Branchen (Gesundheit, Finanzen, Energie, KRITIS) mit erhoehtem Compliance-Bedarf. Bei einem durchschnittlichen Jahresumsatz von 900-1.200 EUR pro Kunde ergibt sich ein adressierbarer Markt von ca. 180 Mio. EUR fuer Self-Hosted-Compliance-Loesungen.', excerpt_de: 'Im VDMA sind ca. 3.600 Unternehmen allein in Deutschland registriert, DACH-weit ca. 5.000. Die meisten haben Embedded-Softwareentwicklung im Haus. Bei einer realistischen Marktdurchdringung von 10% (~500 Unternehmen) und einem durchschnittlichen Jahresumsatz von ~14.400 EUR pro Kunde (Blended Avg. aus Mini/Studio/Cloud) ergibt sich ein SOM von ca. 7,2 Mio. EUR.',
excerpt_en: 'Germany has approx. 3.5M SMEs (Destatis). Of these, an estimated 150,000-200,000 operate in regulated industries (healthcare, finance, energy, critical infrastructure) with elevated compliance needs. At an average annual revenue of EUR 900-1,200 per customer, this yields an addressable market of approx. EUR 180M for self-hosted compliance solutions.', excerpt_en: 'The VDMA has approx. 3,600 member companies in Germany alone, ~5,000 across DACH. Most have embedded software development in-house. At a realistic market penetration of 10% (~500 companies) and an average annual revenue of ~EUR 14,400 per customer (blended avg. of Mini/Studio/Cloud), the SOM is approx. EUR 7.2M.',
}, },
], ],
} }
@@ -197,12 +197,28 @@ export default function MarketSlide({ lang, market }: MarketSlideProps) {
<span className="text-xs text-white/30">{labels[idx]}</span> <span className="text-xs text-white/30">{labels[idx]}</span>
</div> </div>
<div className="text-2xl font-bold text-white"> <div className="text-2xl font-bold text-white">
<AnimatedCounter {m.value_eur >= 1_000_000_000 ? (
target={m.value_eur / 1_000_000_000} <AnimatedCounter
suffix={lang === 'de' ? ' Mrd. EUR' : 'B EUR'} target={m.value_eur / 1_000_000_000}
decimals={1} suffix={lang === 'de' ? ' Mrd. EUR' : 'B EUR'}
duration={1500} decimals={1}
/> duration={1500}
/>
) : m.value_eur >= 1_000_000 ? (
<AnimatedCounter
target={m.value_eur / 1_000_000}
suffix={lang === 'de' ? ' Mio. EUR' : 'M EUR'}
decimals={1}
duration={1500}
/>
) : (
<AnimatedCounter
target={m.value_eur / 1_000}
suffix={'k EUR'}
decimals={0}
duration={1500}
/>
)}
</div> </div>
<div className="flex items-center gap-3 text-xs"> <div className="flex items-center gap-3 text-xs">
{m.growth_rate_pct > 0 && ( {m.growth_rate_pct > 0 && (

48
pitch-deck/components/slides/RegulatorySlide.tsx
View File

@@ -6,13 +6,13 @@ import { t } from '@/lib/i18n'
import GradientText from '../ui/GradientText' import GradientText from '../ui/GradientText'
import FadeInView from '../ui/FadeInView' import FadeInView from '../ui/FadeInView'
import GlassCard from '../ui/GlassCard' import GlassCard from '../ui/GlassCard'
import { Shield, Scale, Wifi, Calendar, AlertTriangle, CheckCircle2, Clock } from 'lucide-react' import { Shield, Scale, Wifi, Lock, Calendar, AlertTriangle, CheckCircle2, Clock } from 'lucide-react'
interface RegulatorySlideProps { interface RegulatorySlideProps {
lang: Language lang: Language
} }
type RegTab = 'dsgvo' | 'aiact' | 'nis2' type RegTab = 'dsgvo' | 'aiact' | 'cra' | 'nis2'
export default function RegulatorySlide({ lang }: RegulatorySlideProps) { export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
const i = t(lang) const i = t(lang)
@@ -22,6 +22,7 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
const tabs: { id: RegTab; label: string; icon: typeof Shield }[] = [ const tabs: { id: RegTab; label: string; icon: typeof Shield }[] = [
{ id: 'dsgvo', label: de ? 'DSGVO / GDPR' : 'GDPR', icon: Shield }, { id: 'dsgvo', label: de ? 'DSGVO / GDPR' : 'GDPR', icon: Shield },
{ id: 'aiact', label: 'AI Act', icon: Scale }, { id: 'aiact', label: 'AI Act', icon: Scale },
{ id: 'cra', label: 'CRA', icon: Lock },
{ id: 'nis2', label: 'NIS2', icon: Wifi }, { id: 'nis2', label: 'NIS2', icon: Wifi },
] ]
@@ -122,6 +123,49 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
'Regulatory change monitoring', 'Regulatory change monitoring',
], ],
}, },
cra: {
fullName: de ? 'Cyber Resilience Act (EU 2024/2847)' : 'Cyber Resilience Act (EU 2024/2847)',
status: de ? 'In Kraft seit Dez 2024' : 'In effect since Dec 2024',
statusColor: 'text-amber-400',
statusIcon: Clock,
deadline: de ? 'Sep 2026: Meldepflichten · Dez 2027: Vollstaendig anzuwenden' : 'Sep 2026: Reporting · Dec 2027: Fully applicable',
affectedCompanies: de ? 'Alle Hersteller von Produkten mit digitalen Elementen (Hardware & Software)' : 'All manufacturers of products with digital elements (hardware & software)',
keyRequirements: de
? [
'Security by Design fuer alle Produkte mit Software',
'Schwachstellen-Management ueber gesamten Produktlebenszyklus',
'Software Bill of Materials (SBOM) fuer jedes Produkt',
'Kostenlose Sicherheitsupdates fuer Kunden',
'Meldepflicht bei aktiv ausgenutzten Schwachstellen (24h)',
'Konformitaetsbewertung durch Drittstelle (fuer kritische Produkte)',
'CE-Kennzeichnung fuer Cybersecurity-Compliance',
]
: [
'Security by design for all products with software',
'Vulnerability management across entire product lifecycle',
'Software Bill of Materials (SBOM) for every product',
'Free security updates for customers',
'Reporting of actively exploited vulnerabilities (24h)',
'Third-party conformity assessment (for critical products)',
'CE marking for cybersecurity compliance',
],
fines: de ? 'Bis zu 15 Mio. EUR oder 2,5% des weltweiten Jahresumsatzes' : 'Up to EUR 15M or 2.5% of global annual revenue',
howWeHelp: de
? [
'Automatische SBOM-Generierung aus Code-Repositories',
'Kontinuierliches Schwachstellen-Scanning (Trivy, Grype)',
'Security-Fixes durch 1000B Cloud-LLM implementiert',
'CRA-konforme Dokumentation und Audit-Trail',
'Risikoanalysen fuer Embedded-Software und Firmware',
]
: [
'Automatic SBOM generation from code repositories',
'Continuous vulnerability scanning (Trivy, Grype)',
'Security fixes implemented by 1000B cloud LLM',
'CRA-compliant documentation and audit trail',
'Risk assessments for embedded software and firmware',
],
},
nis2: { nis2: {
fullName: de ? 'NIS-2-Richtlinie (EU 2022/2555)' : 'NIS2 Directive (EU 2022/2555)', fullName: de ? 'NIS-2-Richtlinie (EU 2022/2555)' : 'NIS2 Directive (EU 2022/2555)',
status: de ? 'Umsetzung in nationales Recht laeuft' : 'National transposition in progress', status: de ? 'Umsetzung in nationales Recht laeuft' : 'National transposition in progress',

6
pitch-deck/components/slides/SolutionSlide.tsx
View File

@@ -3,7 +3,7 @@
import { motion } from 'framer-motion' import { motion } from 'framer-motion'
import { Language } from '@/lib/types' import { Language } from '@/lib/types'
import { t } from '@/lib/i18n' import { t } from '@/lib/i18n'
import { Server, ShieldCheck, Bot } from 'lucide-react' import { Server, ScanLine, Bot } from 'lucide-react'
import GlassCard from '../ui/GlassCard' import GlassCard from '../ui/GlassCard'
import GradientText from '../ui/GradientText' import GradientText from '../ui/GradientText'
import FadeInView from '../ui/FadeInView' import FadeInView from '../ui/FadeInView'
@@ -13,7 +13,7 @@ interface SolutionSlideProps {
lang: Language lang: Language
} }
const icons = [Server, ShieldCheck, Bot] const icons = [Server, ScanLine, Bot]
const colors = ['from-blue-500 to-cyan-500', 'from-indigo-500 to-purple-500', 'from-purple-500 to-pink-500'] const colors = ['from-blue-500 to-cyan-500', 'from-indigo-500 to-purple-500', 'from-purple-500 to-pink-500']
export default function SolutionSlide({ lang }: SolutionSlideProps) { export default function SolutionSlide({ lang }: SolutionSlideProps) {
@@ -26,7 +26,7 @@ export default function SolutionSlide({ lang }: SolutionSlideProps) {
<GradientText>{i.solution.title}</GradientText> <GradientText>{i.solution.title}</GradientText>
</h2> </h2>
<p className="text-lg text-white/50 max-w-2xl mx-auto"> <p className="text-lg text-white/50 max-w-2xl mx-auto">
<BrandName /> {lang === 'de' ? 'Compliance auf Autopilot' : 'Compliance on Autopilot'} {i.solution.subtitle}
</p> </p>
</FadeInView> </FadeInView>

112
pitch-deck/lib/i18n.ts
View File

@@ -27,49 +27,49 @@ const translations = {
'Anhang: Regulatorik', 'Anhang: Regulatorik',
], ],
cover: { cover: {
tagline: 'Datensouveraenitaet meets KI-Compliance', tagline: 'Compliance & Code-Security fuer den Maschinenbau',
subtitle: 'Pre-Seed · Q4 2026', subtitle: 'Pre-Seed · Q4 2026',
cta: 'Pitch starten', cta: 'Pitch starten',
}, },
problem: { problem: {
title: 'Das Problem', title: 'Das Problem',
subtitle: 'Compliance-Komplexitaet ueberfordert den Mittelstand', subtitle: 'Maschinenbauer entwickeln Software — aber wer sichert Compliance und Code-Sicherheit?',
cards: [ cards: [
{ {
title: 'DSGVO', title: 'DSGVO',
stat: '4.1 Mrd EUR', stat: '4.1 Mrd EUR',
desc: 'Bussgelder seit 2018 in der EU. 83% der KMUs sind nicht vollstaendig konform.', desc: 'Bussgelder seit 2018. Maschinenbauer verarbeiten Kundendaten, Telemetrie und Wartungsprotokolle — oft ohne DSGVO-Prozesse.',
}, },
{ {
title: 'AI Act', title: 'AI Act',
stat: 'Aug 2025', stat: 'Aug 2025',
desc: 'Neue EU-Verordnung tritt in Kraft. Unternehmen muessen KI-Systeme klassifizieren und dokumentieren.', desc: 'Maschinen mit KI-Komponenten muessen klassifiziert werden. Embedded KI in Steuerungen und Predictive Maintenance erfordert Dokumentation.',
}, },
{ {
title: 'NIS2', title: 'CRA & NIS2',
stat: '30.000+', stat: '30.000+',
desc: 'Unternehmen in Deutschland neu betroffen. Cybersecurity-Anforderungen steigen massiv.', desc: 'Der Cyber Resilience Act verpflichtet Hersteller, Software in ihren Produkten abzusichern. NIS2 erweitert die Cybersecurity-Pflichten auf den Maschinenbau.',
}, },
], ],
quote: 'Unternehmen brauchen keine weiteren Compliance-Tools — sie brauchen eine KI, die Compliance fuer sie erledigt.', quote: 'Maschinenbauer brauchen keine Compliance-Berater — sie brauchen eine KI, die ihren Code scannt, Risiken bewertet und Compliance dokumentiert.',
}, },
solution: { solution: {
title: 'Die Loesung', title: 'Die Loesung',
subtitle: 'ComplAI — Compliance auf Autopilot', subtitle: 'ComplAI — Compliance & Code-Security auf Autopilot',
pillars: [ pillars: [
{ {
title: 'Self-Hosted', title: 'Self-Hosted Vorarbeit',
desc: 'Eigene Hardware im Serverraum. Kein Byte verlaesst das Unternehmen. Volle Datensouveraenitaet.', desc: 'Mac Mini oder Mac Studio im Serverraum scannt Code, analysiert Repositories und erstellt Compliance-Dokumente. Kein Byte verlaesst das Unternehmen.',
icon: 'server', icon: 'server',
}, },
{ {
title: 'Auto-Compliance', title: 'Code-Security & DevSecOps',
desc: 'KI erledigt DSGVO, AI Act und NIS2 automatisch. Dokumentation, Audits und Updates — alles KI-gesteuert.', desc: 'Scannt Firmware und Software mit integrierten DevSecOps-Tools (Trivy, Semgrep, Gitleaks). Das 1000B Cloud-LLM implementiert Fixes und schreibt Risikoanalysen.',
icon: 'shield', icon: 'scan',
}, },
{ {
title: 'KI-Assistent', title: 'Compliance-KI',
desc: 'Vollautonomer Kundensupport. Beantwortet Fragen, aendert Dokumente, bereitet Audits vor — 24/7.', desc: 'Macht Ihr Unternehmen UND Ihre Produkte compliant. DSGVO, AI Act, CRA und NIS2 — automatisiert. BSI-zertifiziertes 1000B LLM in Deutschland gehostet.',
icon: 'bot', icon: 'bot',
}, },
], ],
@@ -85,29 +85,29 @@ const translations = {
}, },
howItWorks: { howItWorks: {
title: 'So funktioniert\'s', title: 'So funktioniert\'s',
subtitle: 'In 4 Schritten zur vollstaendigen Compliance', subtitle: 'In 4 Schritten zu Compliance & Code-Security',
steps: [ steps: [
{ {
title: 'Hardware aufstellen', title: 'Hardware aufstellen',
desc: 'Mac Mini oder Mac Studio im Serverraum anschliessen. Plug & Play — keine Cloud noetig.', desc: 'Mac Mini oder Mac Studio im Serverraum anschliessen. Plug & Play — scannt ab Tag 1 Ihre Repositories.',
}, },
{ {
title: 'KI konfigurieren', title: 'Code-Repos verbinden',
desc: 'Branche, Groesse und Regularien angeben. Die KI erstellt automatisch alle Compliance-Dokumente.', desc: 'Git-Repos, CI/CD Pipelines und Firmware-Projekte anbinden. Die lokale KI scannt automatisch auf Schwachstellen und Compliance-Luecken.',
}, },
{ {
title: 'Compliance automatisieren', title: 'Compliance & Security automatisieren',
desc: 'Laufende Ueberwachung, automatische Updates bei Rechtsaenderungen und Audit-Vorbereitung.', desc: 'Laufende Code-Analyse und Risikoanalysen bei jeder Aenderung. Bei kritischen Fixes schaltet sich das 1000B Cloud-LLM zu und implementiert Verbesserungen.',
}, },
{ {
title: 'Audit bestehen', title: 'Audit bestehen',
desc: 'Vollstaendige Dokumentation auf Knopfdruck. Behoerdenanfragen werden KI-gestuetzt beantwortet.', desc: 'Vollstaendige Dokumentation fuer DSGVO, AI Act, CRA und NIS2 auf Knopfdruck. Risikobeurteilungen fuer Ihre Software inklusive.',
}, },
], ],
}, },
market: { market: {
title: 'Marktchance', title: 'Marktchance',
subtitle: 'Der Compliance-Markt waechst zweistellig', subtitle: 'Der Maschinenbau braucht Compliance & Code-Security',
tam: 'TAM', tam: 'TAM',
sam: 'SAM', sam: 'SAM',
som: 'SOM', som: 'SOM',
@@ -188,10 +188,10 @@ const translations = {
send: 'Senden', send: 'Senden',
thinking: 'Denke nach...', thinking: 'Denke nach...',
suggestions: [ suggestions: [
'Wie skaliert das Geschaeftsmodell?', 'Wie funktioniert die Code-Security fuer Firmware?',
'Was ist der unfaire Vorteil?', 'Warum koennen Proliance und DataGuard das nicht?',
'Wie sieht die Exit-Strategie aus?', 'Was kostet die Loesung fuer einen Maschinenbauer?',
'Warum Self-Hosting statt Cloud?', 'Wie sieht die Risikoanalyse fuer unsere Software aus?',
], ],
}, },
annex: { annex: {
@@ -209,7 +209,7 @@ const translations = {
}, },
regulatory: { regulatory: {
title: 'Regulatorische Details', title: 'Regulatorische Details',
subtitle: 'Die drei Saeulen der EU-Compliance', subtitle: 'Die vier Saeulen der EU-Compliance fuer Maschinenbauer',
}, },
engineering: { engineering: {
title: 'Engineering Deep Dive', title: 'Engineering Deep Dive',
@@ -247,49 +247,49 @@ const translations = {
'Appendix: Regulatory', 'Appendix: Regulatory',
], ],
cover: { cover: {
tagline: 'Data Sovereignty meets AI Compliance', tagline: 'Compliance & Code Security for Machine Manufacturers',
subtitle: 'Pre-Seed · Q4 2026', subtitle: 'Pre-Seed · Q4 2026',
cta: 'Start Pitch', cta: 'Start Pitch',
}, },
problem: { problem: {
title: 'The Problem', title: 'The Problem',
subtitle: 'Compliance complexity overwhelms SMEs', subtitle: 'Machine manufacturers develop software — but who ensures compliance and code security?',
cards: [ cards: [
{ {
title: 'GDPR', title: 'GDPR',
stat: 'EUR 4.1B', stat: 'EUR 4.1B',
desc: 'in fines since 2018 across the EU. 83% of SMEs are not fully compliant.', desc: 'in fines since 2018. Machine manufacturers process customer data, telemetry and maintenance logs — often without GDPR processes.',
}, },
{ {
title: 'AI Act', title: 'AI Act',
stat: 'Aug 2025', stat: 'Aug 2025',
desc: 'New EU regulation takes effect. Companies must classify and document AI systems.', desc: 'Machines with AI components must be classified. Embedded AI in controllers and predictive maintenance requires documentation.',
}, },
{ {
title: 'NIS2', title: 'CRA & NIS2',
stat: '30,000+', stat: '30,000+',
desc: 'companies newly affected in Germany. Cybersecurity requirements increase massively.', desc: 'The Cyber Resilience Act obligates manufacturers to secure software in their products. NIS2 extends cybersecurity obligations to machine manufacturing.',
}, },
], ],
quote: 'Companies don\'t need more compliance tools — they need an AI that handles compliance for them.', quote: 'Machine manufacturers don\'t need compliance consultants — they need an AI that scans their code, assesses risks and documents compliance.',
}, },
solution: { solution: {
title: 'The Solution', title: 'The Solution',
subtitle: 'ComplAI — Compliance on Autopilot', subtitle: 'ComplAI — Compliance & Code Security on Autopilot',
pillars: [ pillars: [
{ {
title: 'Self-Hosted', title: 'Self-Hosted Preprocessing',
desc: 'Own hardware in your server room. No data leaves the company. Full data sovereignty.', desc: 'Mac Mini or Mac Studio in your server room scans code, analyzes repositories and creates compliance documents. No data leaves the company.',
icon: 'server', icon: 'server',
}, },
{ {
title: 'Auto-Compliance', title: 'Code Security & DevSecOps',
desc: 'AI handles GDPR, AI Act and NIS2 automatically. Documentation, audits and updates — all AI-powered.', desc: 'Scans firmware and software with integrated DevSecOps tools (Trivy, Semgrep, Gitleaks). The 1000B cloud LLM implements fixes and writes risk assessments.',
icon: 'shield', icon: 'scan',
}, },
{ {
title: 'AI Assistant', title: 'Compliance AI',
desc: 'Fully autonomous customer support. Answers questions, modifies documents, prepares audits — 24/7.', desc: 'Makes your company AND your products compliant. GDPR, AI Act, CRA and NIS2 — automated. BSI-certified 1000B LLM hosted in Germany.',
icon: 'bot', icon: 'bot',
}, },
], ],
@@ -305,29 +305,29 @@ const translations = {
}, },
howItWorks: { howItWorks: {
title: 'How It Works', title: 'How It Works',
subtitle: 'Full compliance in 4 steps', subtitle: 'Compliance & code security in 4 steps',
steps: [ steps: [
{ {
title: 'Set Up Hardware', title: 'Set Up Hardware',
desc: 'Connect Mac Mini or Mac Studio in your server room. Plug & Play — no cloud needed.', desc: 'Connect Mac Mini or Mac Studio in your server room. Plug & Play — scans your repositories from day one.',
}, },
{ {
title: 'Configure AI', title: 'Connect Code Repos',
desc: 'Specify industry, size, and regulations. The AI automatically creates all compliance documents.', desc: 'Connect Git repos, CI/CD pipelines and firmware projects. The local AI automatically scans for vulnerabilities and compliance gaps.',
}, },
{ {
title: 'Automate Compliance', title: 'Automate Compliance & Security',
desc: 'Continuous monitoring, automatic updates for regulatory changes and audit preparation.', desc: 'Continuous code analysis and risk assessments on every change. For critical fixes, the 1000B cloud LLM steps in and implements improvements.',
}, },
{ {
title: 'Pass Audits', title: 'Pass Audits',
desc: 'Complete documentation at the push of a button. Authority inquiries answered AI-powered.', desc: 'Complete documentation for GDPR, AI Act, CRA and NIS2 at the push of a button. Risk assessments for your software included.',
}, },
], ],
}, },
market: { market: {
title: 'Market Opportunity', title: 'Market Opportunity',
subtitle: 'The compliance market grows double-digit', subtitle: 'Machine manufacturing needs compliance & code security',
tam: 'TAM', tam: 'TAM',
sam: 'SAM', sam: 'SAM',
som: 'SOM', som: 'SOM',
@@ -408,10 +408,10 @@ const translations = {
send: 'Send', send: 'Send',
thinking: 'Thinking...', thinking: 'Thinking...',
suggestions: [ suggestions: [
'How does the business model scale?', 'How does code security work for firmware?',
'What is the unfair advantage?', 'Why can\'t Proliance and DataGuard do this?',
'What does the exit strategy look like?', 'What does the solution cost for a machine manufacturer?',
'Why self-hosting instead of cloud?', 'What does the risk assessment for our software look like?',
], ],
}, },
annex: { annex: {
@@ -429,7 +429,7 @@ const translations = {
}, },
regulatory: { regulatory: {
title: 'Regulatory Details', title: 'Regulatory Details',
subtitle: 'The three pillars of EU compliance', subtitle: 'The four pillars of EU compliance for machine manufacturers',
}, },
engineering: { engineering: {
title: 'Engineering Deep Dive', title: 'Engineering Deep Dive',

86
update_pitch_deck_maschinenbau.sql Normal file
View File

@@ -0,0 +1,86 @@
-- Migration: Pivot Pitch Deck to Maschinen- und Anlagenbau
-- Date: 2026-02-17
BEGIN;
-- 1. Company tagline/mission
UPDATE pitch_company SET
tagline_de = 'Compliance & Code-Security fuer den Maschinenbau',
tagline_en = 'Compliance & Code Security for Machine Manufacturers',
mission_de = 'Wir machen Maschinenbauer compliant — nicht nur organisatorisch, sondern auch fuer ihre eigene Software. Unser BSI-zertifiziertes 1000B LLM scannt Code, bewertet Risiken und dokumentiert Compliance automatisch.',
mission_en = 'We make machine manufacturers compliant — not just organizationally, but also for their own software. Our BSI-certified 1000B LLM scans code, assesses risks and documents compliance automatically.'
WHERE id = 1;
-- 2. Market: TAM/SAM/SOM
UPDATE pitch_market SET
label = 'Global Compliance & DevSecOps Software (Manufacturing)',
value_eur = 8700000000,
growth_rate_pct = 16.2,
source = 'Grand View Research + MarketsAndMarkets 2024'
WHERE market_segment = 'TAM';
UPDATE pitch_market SET
label = 'DACH Maschinenbau Compliance & Security',
value_eur = 850000000,
growth_rate_pct = 19.5,
source = 'VDMA / Statista / IDC 2024'
WHERE market_segment = 'SAM';
UPDATE pitch_market SET
label = 'DACH Maschinenbauer mit Eigenentwicklung (10% VDMA)',
value_eur = 7200000,
growth_rate_pct = 25.0,
source = 'VDMA (5.000 DACH) x 10% x 14.400 EUR/Jahr'
WHERE market_segment = 'SOM';
-- 3. Features: Add differentiator rows
INSERT INTO pitch_features (feature_name_de, feature_name_en, category, breakpilot, proliance, dataguard, heydata, is_differentiator, sort_order) VALUES
('Firmware/Code-Scanning', 'Firmware/Code Scanning', 'security', true, false, false, false, true, 15),
('Software-Risikoanalyse (CRA)', 'Software Risk Assessment (CRA)', 'security', true, false, false, false, true, 16),
('DevSecOps Pipeline Integration', 'DevSecOps Pipeline Integration', 'security', true, false, false, false, true, 17),
('Cyber Resilience Act Compliance', 'Cyber Resilience Act Compliance', 'compliance', true, false, false, false, true, 18)
ON CONFLICT DO NOTHING;
-- 4. Competitors: Update weaknesses
UPDATE pitch_competitors SET
weaknesses = '["Nur Cloud", "Keine eigene KI", "Kein Code-Scanning", "Keine Firmware-Analyse", "Kein Self-Hosting"]'
WHERE name = 'Proliance 360';
UPDATE pitch_competitors SET
weaknesses = '["Teuer", "Cloud-only", "Keine Code-Security", "Keine Firmware-Compliance", "Lock-in Effekt"]'
WHERE name = 'DataGuard';
UPDATE pitch_competitors SET
weaknesses = '["Begrenzte Features", "Keine KI", "Kein Code-Scanning", "Nur Cloud", "Kein Enterprise"]'
WHERE name = 'heyData';
-- 5. Products: Update capabilities for Maschinenbau
UPDATE pitch_products SET
llm_capability_de = 'Lokale Code-Analyse, Compliance-Dokumente, Basis-Schwachstellenscan. Vorarbeit fuer das Cloud-LLM.',
llm_capability_en = 'Local code analysis, compliance documents, basic vulnerability scan. Preprocessing for cloud LLM.',
features_de = '["DSGVO-Compliance", "AI Act Dokumentation", "Basis-Code-Scanning", "E-Mail-Support"]',
features_en = '["GDPR Compliance", "AI Act Documentation", "Basic Code Scanning", "Email Support"]'
WHERE name = 'ComplAI Mini';
UPDATE pitch_products SET
llm_capability_de = 'Erweiterte Code-Analyse, Firmware-Scanning, Multi-Repository-Verarbeitung. Lokale Vorarbeit + Cloud-LLM fuer Fixes.',
llm_capability_en = 'Advanced code analysis, firmware scanning, multi-repository processing. Local preprocessing + cloud LLM for fixes.',
features_de = '["Alles aus Mini", "Firmware-Scanning", "DevSecOps Integration", "Priority Support", "CRA-Dokumentation"]',
features_en = '["Everything in Mini", "Firmware Scanning", "DevSecOps Integration", "Priority Support", "CRA Documentation"]'
WHERE name = 'ComplAI Studio';
UPDATE pitch_products SET
llm_capability_de = 'BSI-zertifiziertes 1000B Cloud-LLM: scannt, behebt und dokumentiert Schwachstellen in Firmware und Software automatisch. Fuer alle Mitarbeiter nutzbar.',
llm_capability_en = 'BSI-certified 1000B cloud LLM: scans, fixes and documents vulnerabilities in firmware and software automatically. Available for all employees.',
features_de = '["Alles aus Studio", "Vollautonome Code-Security", "Risikoanalysen fuer Eigenentwicklungen", "24/7 Verfuegbarkeit", "SLA 99.9%", "Dedicated Account Manager"]',
features_en = '["Everything in Studio", "Fully Autonomous Code Security", "Risk Assessments for In-House Development", "24/7 Availability", "SLA 99.9%", "Dedicated Account Manager"]'
WHERE name = 'ComplAI Cloud';
-- 6. Financials: Adjust customer projections (max ~380 by 2030)
UPDATE pitch_financials SET customers_count = 5, revenue_eur = 72000, mrr_eur = 6000, arr_eur = 72000 WHERE year = 2026;
UPDATE pitch_financials SET customers_count = 30, revenue_eur = 430000, mrr_eur = 36000, arr_eur = 432000 WHERE year = 2027;
UPDATE pitch_financials SET customers_count = 100, revenue_eur = 1400000, mrr_eur = 120000, arr_eur = 1440000 WHERE year = 2028;
UPDATE pitch_financials SET customers_count = 220, revenue_eur = 3200000, mrr_eur = 264000, arr_eur = 3168000 WHERE year = 2029;
UPDATE pitch_financials SET customers_count = 380, revenue_eur = 5500000, mrr_eur = 456000, arr_eur = 5472000 WHERE year = 2030;
COMMIT;