You're pledging to donate if the project hits its minimum goal and gets approved. If not, your funds will be returned.
I run a small R&D lab that's operated day-to-day by a team of AI agents I built.
The thing that makes shipping their code safe enough is a governance layer. A deterministic gates that review every change before it merges.
I want to turn the measurement side of that into an open benchmark. A way for anyone to test whether their AI code-review actually catches unsafe changes, instead of assuming it does.
A benchmark other people can run, not just a paper.
Three parts - a protocol for injecting known defects into real code so you can measure catch-rate, a test of whether multiple AI reviewers miss the same things - whether their misses are independent or correlated when they share a base model, which decides whether stacking reviewers actually helps, and reproducing it on at least two unrelated codebases so it isn't just tuned to mine.
All open-sourced.
$60,000 is about four months of full-time work to build and open-source it.
The defect-injection protocol, the reviewer-independence measurement, and the cross-codebase reproduction.
It's not runway for the company. It's the work to get the benchmark built and public.
It's me, plus the agent fleet I built and run. The fleet has built 5 products in production that work as a flywheel.
The track record is the system itself. It's been in production on my own company for months.
It's blocked real security bugs before they shipped, it once caught a bug inside its own tooling, and, to be honest about it, it once flagged a problem but graded it too soft, so the change shipped and I fixed it after.
That miss is what made me write the rule that a security finding blocks the merge, no exceptions. A gate that gets better from its own failures is the point.
The most likely disappointment is that reviewer-independence turns out weak. The AI reviewers mostly miss the same things, so stacking them buys less than people assume.
If that's the answer it still ships as a useful finding, just not the hoped-for one. The other risk is overfitting the benchmark to my own code, I'm mitigating that by reproducing on a second, unrelated codebase before calling it done.
Pre-revenue. In the last 12 months: a committed angel at $100k for 5%, not yet drawn. I'm applying concurrently to the EA Long-Term Future Fund and Emergent Ventures.