What: A consumer-friendly, open-source mobile operating system that runs Android apps without Google services, sold pre-installed on affordable hardware.
Signal: Technical users are fed up with Google's increasing control over Android and are migrating to alternatives like GrapheneOS and LineageOS, but they acknowledge that these solutions require a doctorate-level understanding of computers — there is zero viable path for the 99% of normal users who also deserve privacy and device sovereignty.
Why Now: Google's new developer verification system that installs a system-level app to check sideloaded software is pushing even loyal Android power users to the exit, and geopolitical shifts (especially EU desire for US tech independence) create a regulatory and funding tailwind for European mobile alternatives.
Market: Privacy-conscious consumers globally, initially the ~50M+ users of custom ROMs and privacy tools; hardware + services revenue model. Competitors like Jolla/Sailfish exist but are closed-source and poorly executed; /e/OS and Murena are closest but lack mainstream distribution.
Moat: Pre-installed hardware partnerships create distribution moat; open-source community contributions create a development flywheel; app compatibility layer is extremely hard to build and becomes a switching cost once users depend on it.
Automated Supply Chain Attack Detection for Package Registries (P7/10): A real-time monitoring service that detects compromised packages on npm, PyPI, crates.io, and other registries by analyzing behavioral anomalies like credential-bypassed publishes, injected phantom dependencies, and suspicious postinstall scripts.
Zero-Trust Dependency Firewall for Development Environments (C7/10): A local proxy that intercepts all package installs, enforces configurable quarantine periods, blocks postinstall scripts by default, and provides a unified policy layer across npm, pip, cargo, and Go modules.
Dependency Security Copilot for AI Coding Agents (C8/10): A plugin for LLM coding agents (Cursor, Claude Code, Copilot Workspace) that intercepts dependency operations, validates packages against threat intelligence, and prevents agents from blindly installing or upgrading to compromised versions.
Managed Dependency Mirror with Built-In Quarantine (C7/10): A hosted private registry proxy that mirrors npm, PyPI, and crates.io with an automatic 72-hour quarantine on all new publishes, behavioral analysis scanning, and instant rollback — so teams never pull a package version less than 3 days old.
AI Code Provenance and Supply Chain Auditing (P6/10): A platform that scans npm packages, PyPI modules, and other registries for accidentally leaked source maps, prompts, API keys, and internal business logic — alerting maintainers before attackers find them.
AI Authorship Detection for Code Contributions (C6/10): A tool that integrates with GitHub/GitLab to probabilistically flag whether a pull request or commit was written by an AI agent, giving maintainers transparency without relying on self-disclosure.