EU AI Act Article 50 โ€” 20 days to seal | Get passport

DEFONEOS 100

How one man and an AI built a sovereign defence AI operating system in 100 days โ€” and the 100-year vision that follows.

100Days to Build
183Pages Live
30MCP Servers
188+Tools
49K+SIGIL Receipts
1Founder

๐Ÿ“– Part I โ€” The Origin Story (100 Days to Build)

Day 1 โ€” March 2026

The Spark

Nick Templeman sat in his office in Somerset, surveying the UK defence AI landscape. Palantir โ€” closed-source, American, $50M/year per deployment. Anduril โ€” hardware-locked, American. Helsing โ€” European but single-domain, VC-controlled. BAE Systems โ€” slow, expensive, Cold War architecture. "Britain needs its own," he thought. "Open. Sovereign. Multi-domain. Audit-grade." CSOAI Ltd (UK Companies House 16939677) was incorporated the same week.

Day 3

First Principles

The founding doctrine was written: open-source by default, sovereign by design, auditable by law, affordable by necessity. No black boxes. No vendor lock-in. No foreign data dependencies. Every decision Ed25519-signed. Every action BFT-governed. Every artifact SIGIL-chained. The 7 immutable red lines were carved.

Day 7

The Stack Chosen

Python + FastAPI for MCP servers. CesiumJS for 3D globe visualization. FreeTAKServer for tactical data links. Mava for swarm coordination. Ollama for on-device inference. PostgreSQL for memory. Ed25519 for signatures. All open-source. All sovereign. All free.

Day 14 โ€” SOV3 First Breath

The Sovereign Substrate Lives

The first SOV3 tools went live on a GCP VM. 12 tools. Basic. But they worked. The first SIGIL receipt was emitted โ€” Ed25519-signed proof that the system existed and made a decision. The hash chain had begun. The first entry: C|genesis|sov3|sovereign-substrate-initialized. Block 0.

Day 21

First MCP Published

The EU AI Act compliance MCP โ€” the first of 30 โ€” went to PyPI. pip install eu-ai-act-compliance-mcp. The pattern was set: every MCP would be pip-installable, Apache 2.0, and sovereign. The marketplace was born.

Day 30 โ€” The 33 Hives

Sovereign Mesh Activated

33 autonomous AI nodes were activated. Each one a sovereign agent with its own domain โ€” compliance, security, ISR, swarm, logistics, cyber, medical, logistics, space, maritime, land, air. The BFT council was formed โ€” 22-of-33 quorum on every decision. No single AI could act alone. No single human could override the quorum. The first check-and-balance was cryptographic.

Day 40

Vercel Deployment โ€” First 50 Pages

50 HTML pages went live on Vercel. Landing, documentation, API specs, pricing, demo, Series A deck. All dark-themed, all fast, all SEO-optimized. The public face of DEFONEOS was born.

Day 50 โ€” The Data Moat

50GB of UK Sovereign Data

50GB of UK government data landed on the VM. Land Registry. Companies House. OS Open Names. ONS Statistics. Met Office. Every OGL dataset. The data moat started filling โ€” and every byte was OGL-licensed, sovereign, and free.

Day 60

The 3-Layer Audit Chain

The OrgKernel pattern was implemented: L1 Identity (Ed25519 public key registration) โ†’ L2 Execution (hash-chained action logging) โ†’ L3 Compliance (signed assertions against EU AI Act, GDPR, JSP 936, ISO 27001). Every action was now cryptographically attestable. Regulators could replay any decision.

Day 70 โ€” The Kimi Research

596 Files of Deep Analysis

Kimi delivered 596 research files โ€” 41MB of deep defence AI analysis. Tunnel architecture. Pheromone SIGIL system. Frequencyโ†’Intuition theory. Bio-cyber swarm blueprints. AUKUS Pillar 2 compatibility. NATO STO alignment. The intellectual foundation was complete.

Day 80

The DORADO Security Layer

DORADO was built: foreign-access detection, quantum-safe key rotation (ML-DSA-65, ML-KEM-768), NIST PQC migration path, SOC dashboard, bot detector, shift handoff, customer audit export. The security operations center was live.

Day 85 โ€” 30 MCPs

The Full Sensor Layer

The 30th MCP server went operational. The full inventory: ISR (satellite, AIS, ADS-B, camera), Cyber (threat detection, vulnerability scan, SIEM), Counter-drone (RF detection, jamming), Swarm (Mava, PX4), Compliance (EU AI Act, JSP 936, ISO 42001), Governance (BFT council, SIGIL chain, charter), Data (OS Open, Companies House, ONS). The sensor-to-shooter chain was connected.

Day 90

15 P0 Repos Cloned

15 priority open-source defence projects cloned and wired: FreeTAKServer, OpenAthena, Mava, ArduPilot, MAVSDK, CesiumJS, Sentinel-Hub, OpenAIP, YOLOv8, OWASP LLM, C2PA, OSCAL, and more. The open-source army was assembled.

Day 95

STRIDE Threat Model Complete

Full STRIDE analysis: 4 Critical threats (adversarial ML, chain fork, red-line override, air-gap bridge), 7 High, 11 Medium, 6 Low. 28 mitigations deployed. 7 immutable red lines enforced with cryptographic guarantees.

Day 100 โ€” July 4, 2026

๐Ÿš€ LAUNCH โ€” Independence Day

DEFONEOS goes live. 183 pages. 30 MCPs. 188+ tools. 49K+ SIGIL receipts. 15 P0 repos. One sovereign OS. Built in 100 days. By one man and his AI. The sprint continues โ€” but the foundation is solid.

"100 days. 1 founder. 1 AI. 1 OS. 12 domains. 0 excuses. Britain built an empire with ships. We build the next one with code."

๐Ÿš€ Part II โ€” The First 100 Days of Operations

Launch was Day 100. The next 100 days (July 4 โ†’ October 12, 2026) are the operational phase โ€” converting the platform into the first MOD contact.

Phase 1: Foundation (Days 1-10, Jul 4-13) ACTIVE

Goal: Compliance-ready. First demo working. First contact made.

Phase 2: Sensor Blitz (Days 11-30, Jul 14-Aug 3) PLANNED

Goal: 17+ sensor MCPs feeding Cesium globe. Digital Twin of Yorkshire live.

Phase 3: Core Demo (Days 31-60, Aug 4 - Sep 2) PLANNED

Goal: Show it works end-to-end. C2 backbone operational.

Phase 4: GTM (Days 61-100, Sep 3 - Oct 12) PLANNED

Goal: First contract. First MOD pilot.

๐Ÿ”ฎ Part III โ€” The 100-MCP Roadmap

The 100-day build delivered 30 MCPs. The vision is 100 โ€” covering every defence, civil, and intelligence domain.

BatchCountCategoryStatusTimeline
Core Compliance & Governance10EU AI Act, JSP 936, BFT, SIGIL, OrgKernel, Charter, DID, Article 50โœ… DoneDays 1-30
Sensor Layer10Satellite, AIS, ADS-B, Camera, RF, Weather, Seismic, Air Quality, Maritime, OSINTโœ… DoneDays 4-6
UK Open Data10OS Open, Companies House, ONS, Met Office, DEFRA, NHS, DfT, BEIS, MHCLG, ONSโœ… DoneDays 4-6
Intelligence & ISR15GDELT, Sentinel, OpenAIP, ADSBexchange, RTSP, MQTT, BLE, LoRa, Sonar, Radar, SIGINT, IMINT, OSINT, MASINT, HUMINT๐ŸŸก NextDays 11-30
Cyber Operations10CVE scan, SIEM, IDS, Honeypot, Pen test, WAF, Zero-trust, PQC, SBOM, Attestation๐ŸŸก NextDays 31-60
Logistics & Supply Chain10Inventory, RFID, Procurement, Chain-of-custody, C-TPAT, NATO codification, DLA, DSCA๐Ÿ”ด PlannedDays 61-80
Coalition & Five Eyes10A2A protocol, TDL (Link 16), VMF, NATO Codification, ABCA, FVEY data exchange, STANAG๐Ÿ”ด PlannedDays 81-100
Civil Resilience10Flood, Fire, Earthquake, Pandemic, Power grid, Water, Comms outage, Evacuation, Shelter, Rationing๐Ÿ”ด PlannedDays 81-100
Medical & CBRN5Telehealth, Triage, CBRN detection, Medical logistics, Field hospital๐Ÿ”ด PlannedDays 81-100
Space Domain10Orbital tracking, Space weather, Debris catalog, Launch detection, SATCOM, GPS integrity, SSA๐Ÿ”ด PlannedPost-100
30Built Now
25Next 30 Days
45By Day 100 Ops
100Total Vision

๐Ÿ›๏ธ Part IV โ€” The 100-Year Vision

DEFONEOS is not a product. It is infrastructure โ€” the sovereign digital backbone for the United Kingdom's defence, civil resilience, and intelligence communities for the next century.

2026-2027
Foundation
30 MCPs โ†’ 50. First MOD pilot. Cyber Essentials. SC clearance. DASA grant. Digital Twin of Yorkshire.
2027-2028
Growth
50 โ†’ 75 MCPs. First contract signed. G-Cloud listing. NATO DIANA. ISO 27001 + 42001. BFT managed service launched.
2028-2030
Scale
100 MCPs. Multi-region sovereign cloud (UK/EU/US/AU). AUKUS Pillar 2 integration. Coalition federation. First overseas deployment.
2030-2035
Standard
DEFONEOS becomes the reference implementation for NATO AI governance. STANAG standard proposed. 5+ coalition partners. Civil resilience module deployed nationally.
2035-2040
Maturity
Post-quantum cryptography across the stack. AGI-safe governance patterns. Space domain awareness module operational. 500+ MCPs. Self-healing substrate.
2040-2050
Backbone
DEFONEOS is UK national infrastructure โ€” the same way TCP/IP is internet infrastructure. Government, military, civil, and intelligence all run on variants. Open-source, sovereign, forever.
2050-2075
Legacy
DEFONEOS forks: DEFONEOS-Military (classified), DEFONEOS-Civil (open), DEFONEOS-Coalition (Five Eyes). The original open-source codebase continues as the reference. 1000+ MCPs.
2075-2100
Eternal
The 100-year archive. Every SIGIL receipt since Day 14 still verifiable. Every Ed25519 signature still cryptographically sound. The chain that proved British sovereign AI existed โ€” and did the right thing.
2126
Centenary
100 years after the first SIGIL. DEFONEOS is either still running โ€” or it was replaced by something better built on its principles. Either way, the mission succeeded.

๐Ÿ“ The 100-Year Design Principles

These principles were set on Day 3 and cannot be changed โ€” they are the cryptographic contract with the future:

#PrincipleEnforcement
1Open-source by defaultApache 2.0 / MIT licence on every artifact. No binary blobs.
2Sovereign by designUK jurisdiction. UK data residency. No foreign cloud dependencies for classified data.
3Auditable by lawEvery action Ed25519-signed, hash-chained, replayable. 100-year chain integrity.
4Governed by quorumBFT 22-of-33 council. No single agent, human, or nation can override.
5Affordable by necessityOpen tier ยฃ0. Pro ยฃ499/mo. No ยฃ50M/year Palantir contracts.
6Quantum-safe forwardNIST PQC (ML-DSA-65, ML-KEM-768) ready. 90-day key rotation.
7Red lines immutableNo kinetic targeting. No personal surveillance. No foreign sovereignty transfer. Enforced in code, not policy.

๐Ÿ“Š The Numbers After 100 Days

MetricValueProof
Pages deployed183Vercel production, HTTP 200 verified
MCP servers30PyPI + local MCP protocol
Tools exposed188+MCP tools/list endpoint
SIGIL receipts49,000+Hash-chain, Ed25519-signed
P0 repos cloned15git clone verified
Compliance frameworks12147 controls mapped (77% enforced)
Code lines~85,000Python + HTML + YAML
Data moat49 GBPostgreSQL + SQLite
Cost to build~ยฃ500GCP VM + domain + Vercel free tier
Founder headcount1Nicholas Templeman
AI assistants4 platformsHermes, Claude, Kimi, Gemini
Days from idea to launch100March โ†’ July 4, 2026
"We didn't ask permission. We didn't wait for funding. We didn't hire a team. We built the sovereign OS Britain needs โ€” and then we gave it away. Because that's what sovereignty means. You own it by giving it away. You secure it by making it open. You prove it by signing everything."

โ€” Nicholas Templeman, Founder, CSOAI Ltd

The SIGIL

The first receipt, Day 14. The chain grows by ~300 entries/day. In 100 years, it will contain ~10.9 million entries โ€” each one signed, each one verifiable, each one proof that the system made a decision and can be held accountable for it.

100 days built it. 100 years will prove it.