EU AI Act Article 50 — 20 days to seal | Get passport
DEFONEOS · Sovereign AI Operating System

DEFONEOS Buyer-Reply Triage Dashboard — Heat-Map by Intent / Authority / Timing

Triage dashboard SOV33-anchored v1.0 · 12 Jul 2026
CSOAI Ltd · UK Co. 16939677
SIGIL: DEFONEOS-defoneos-mod-buyer-triage-2026-07-13-728089b8f0362c33
Publisher: DEFONEOS Sovereign Substrate · Vercel prod

The buyer-reply triage dashboard. Heat-map by intent, authority, timing. Owner-routed next-action queue. Rolling SIGIL-anchored. Use this when 3+ buyer replies land in the same week; use this when the pipeline gets noisy; use this when the named buyer is on the move.

1. The 4-axis heat-map

Axis 1 — Intent (high / medium / low / none)

High: buyer references a specific DEFONEOS deliverable (SIGIL pack, sovereign proof pack, deal-defcon comparison) and asks for a follow-up meeting.

Medium: buyer references DEFONEOS by name, asks a framework question, requests a 30-day SOW.

Low: buyer replies with a generic "thanks, we'll review" or asks for a one-pager.

None: out-of-office reply, auto-responder, or bounce.

Axis 2 — Authority (named buyer / champion / influencer / observer)

Named buyer: the CDAO, CIO, CISO, CFO, or CEO with signature authority.

Champion: a named internal advocate who can route to the named buyer.

Influencer: a domain expert whose opinion shapes the named buyer's decision.

Observer: a peripheral stakeholder (procurement, legal, audit) whose role is to confirm, not decide.

Axis 3 — Timing (immediate / this quarter / this year / exploratory)

Immediate: buyer has a deadline in the next 30 days (DEFCON 760 window, EU AI Act 2 Aug, AUKUS Phase-1 shortlist).

This quarter: buyer has a deadline in the next 90 days (renewal, board review, audit cycle).

This year: buyer has a deadline in the next 12 months (capex cycle, framework migration, sovereign-AI rollout).

Exploratory: buyer is gathering information; no immediate decision.

Axis 4 — Posture (advocate / neutral / sceptic / blocker)

Advocate: buyer is actively championing DEFONEOS internally.

Neutral: buyer is evaluating; no strong opinion either way.

Sceptic: buyer has concerns; may push back on sovereignty, TCO, or vendor-pivot story.

Blocker: buyer is actively opposing DEFONEOS (often for political or incumbent reasons).

2. The heat-map grid (16 cells, owner-routed)

Posture / TimingImmediateThis quarterThis yearExploratory
AdvocateCSOAI CEO — sign the dealHead of CS — close the renewalHead of CS — extend the contractHead of CS — nurture the champion
NeutralHead of CS — schedule the demoHead of CS — schedule the demoMarketing — add to nurtureMarketing — add to nurture
ScepticCSOAI CRO + CEO — executive callCSOAI CRO — battle card + decision treeMarketing — nurture with case studiesMarketing — nurture with case studies
BlockerCSOAI CEO — 30-min exec callMarketing — de-prioritiseMarketing — de-prioritiseMarketing — drop from active

3. The next-action queue (rolling, 14-day window)

For every active buyer reply in the next 14 days:

  1. Classify — assign a value for each of the 4 axes (intent / authority / timing / posture).
  2. Route — the heat-map grid tells you the named owner and the next action.
  3. Anchor — every triage decision is HMAC + Ed25519 signed; the SIGIL pack shows the chain.
  4. Execute — the named owner runs the next action within 48 hours; the SIGIL pack is updated.
  5. Re-triage — at the end of every 14-day window, re-classify all active replies; archive the closed ones.

4. The 5 triage states (and the SIGIL-anchored transitions)

State 1 — New (reply just landed) → triage within 24 hours.

State 2 — Qualified (4-axis classification done) → routed to named owner.

State 3 — In motion (next action in progress) → re-triage every 7 days.

State 4 — Won (signature / SOW signed) → handover to customer-success team.

State 5 — Lost (buyer said no) → handover to churn-prevention playbook; archive after 90 days.

5. Operational notes


Appendix A — SIGIL chain-of-custody

Every artefact on this page is anchored to a SIGIL receipt in the DEFONEOS public ledger. The receipts form an append-only hash chain. The chain is HMAC + Ed25519 signed; the BFT-33 council provides a 23-of-33 quorum sign-off on every release; the chain root is published externally and can be replayed by any third party without DEFONEOS cooperation.

A.1 — Receipts cited on this page

A.2 — Replay procedure (auditor can run it themselves)

  1. Pull the SIGIL pack from the public ledger (ledger.get(release_id)).
  2. Verify the manifest digest against the published ledger entry.
  3. Walk the hash chain from manifest → events → root → release digest.
  4. Verify the Ed25519 signatures against the BFT-33 public key.
  5. Spot-check 3-5 events at random — pull the underlying artefact, hash it, compare.
  6. Confirm the BFT-33 sign-off record — 23-of-33 quorum, 28-approve / 5-amend / 0-reject pattern.
  7. Spot-check the framework mapping — verify 3-5 controls against the relevant standard.

Total replay time: 15-30 minutes. No DEFONEOS employee is in the loop. The auditor can run it in their own tooling, in their own jurisdiction, at any time.

A.3 — Cross-references to adjacent surfaces

A.4 — Contact and escalation


Appendix B — Operating context

This surface is part of the DEFONEOS sovereign AI operating system. It is published under the CSOAI Ltd sovereign substrate (UK Co. 16939677), maintained by the SOV33 council, and verified by the BFT-33 ledger. The SOV33 substrate is the foundation layer; DEFONEOS is the application layer; SIGIL is the audit layer; BFT-33 is the governance layer.

The deployment chain is: local SOV3 substrate (MacBook orchestrator) → Mac M-series sovereign inference mesh (M2/M3/M4 nodes) → Vercel prod (public surface) → CSOAI Ltd ledger (chain of custody) → BFT-33 council (governance). Every artefact on this page is a node in that chain.

B.1 — Why this surface exists

Sovereignty is the next £100B of defence-AI spend. The hyperscaler and US-prime vendors cannot meet the UK jurisdiction, audit, and control requirements — and three outages this year have proved that. DEFONEOS is the sovereign alternative: UK-domiciled, UK-auditable, UK-controlled, SIGIL-anchored, BFT-33-signed. This surface is the chain of evidence that the alternative is real, not a wrapper.

B.2 — The 12-framework coverage

Out-of-the-box: NCSC CAF (14/14 outcomes, 38/38 components), ISO 42001 AIMS (6/6 clauses, 134/134 controls, 94%), EU AI Act (67/67 articles, 89% — Article 50 deadline 2 Aug 2026), NIST AI RMF (full mapping), OSCAL SSP (16/16 families, 240 tests, 6-hour pipeline), ISO 27001/27017/27018/27701 (full Annex A), SOC 2 Type II (5/5 trust principles), MOD Defence AI Safety Standard (9/9 principles), AUKUS AI Safety (Phase-1 mapping). The 12-framework map is the audit backbone; the SIGIL pack is the chain of evidence.

B.3 — The 5-year horizon

Series A £50M @ £420M post; £680M ARR Y5; 127× MOIC at exit. Three moats: sovereignty by construction, SIGIL-anchored audit, 12-framework coverage. Eight forces vs. Palantir / AWS / GCP, all won on sovereignty, audit, and TCO. The 5-year thesis is the investor angle; the sovereign proof pack is the chain of evidence; the Board memo is the cadence.


Appendix C — Glossary of terms