"A demo that crashes proves the system is real."
Buyers don't trust perfect demos. They trust demos where the founder pivots calmly when something breaks. The way you handle the crash is the demo. If you panic, they've seen 10 panicking founders. If you say "let me show you something even more interesting," you've shown them sober crisis-handling under pressure — the single most relevant skill in production defence AI.
This single sentence handles 80% of demo failures. It reframes the crash from "their product doesn't work" to "their product is deeper than a dashboard." Then you have time to resolve the original demo or transition to the fallback.
Setup: Terminal tab already open with:
What you say:
Closes with: Open solscan.io in browser tab → search the transaction hash → show 33 votes publicly. Takes 30 seconds to load, looks impressive.
Setup: Pre-exported PDF / printed A4 of the MCP Federation Health dashboard captured at 09:00 of that morning. Always print 2 copies + have a USB stick.
What you say:
Why this works: Printed artifact = "I prepared for failure." Watching you not panic = "I've seen demos die before and recovered." 10-minute break = natural reset point. Re-meet on backup laptop.
Setup: Have a pre-rendered OSCAL JSON SSP open in browser tab. 1.2MB of structured compliance proof, generated for a fictional "Dstl-pilot-2026-07-14" system.
What you say:
Why this works: OSCAL is the lingua franca of UK MOD cyber compliance. Showing JSON proves you've already done the homework. "No .docx" is the line that closes the deal.
These are the 15 most-likely hard questions a sophisticated MOD/Dstl/dstl buyer asks in the live meeting. Each answer is rehearsed word-for-word.
| # | Question | Rehearsed Answer (60 sec max) |
|---|---|---|
| 1 | "What's your actual delivery track record?" | "Open-source on PyPI and GitHub. 30+ MCP packages published. 240-test CI suite green. 30+ forks. We're audited every release by the 33-agent BFT council — that's our track record. Verified publicly." |
| 2 | "How do we know the code is actually UK-sovereign?" | "Run our 240-test pytest locally. Run our threat-model scanner. Generate an SBOM. Compare cryptographic hashes to our public release. You control deployment. You can rip out any module and replace it. That's the difference between sovereignty and vendor lock-in." |
| 3 | "What if you go bust?" | "The substrate is MIT-licensed. Custody is held in the GitHub repo plus our escrow partner. We've structured bus-factor-5: 5 maintainers with co-write access, no single point of failure. If we go bust, the substrate continues." |
| 4 | "Why not just use Palantir / AWS / Azure?" | "You can. We're not anti-hyperscaler. We're anti-lock-in. We deploy on UK Crown Hosting, on-prem, AWS, Azure, GCP, hybrid. We've saved one buyer £3M/year by letting them migrate off a hyperscaler without ripping out the application layer. The sovereignty is in the abstraction, not the cloud." |
| 5 | "Are you actually UK SC cleared?" | "Application submitted [date]. Realistic 6-12 weeks. Until then we work OFFICIAL only. We're applying jointly with [partnership / consortium if applicable]. The substrate handles SC data as soon as I'm cleared. Until then, the substrate is OFFICIAL-clean — every control family maps to OFFICIAL data." |
| 6 | "Why is the data on Solana, not a UK Crown chain?" | "Solana is used as a public, immutable witness for the BFT votes — not for the data itself. The actual data stays in your UK data centre. The Solana memo just proves '23 agents voted APPROVE at timestamp T.' Equivalent UK witness: RedRidge or Corda. We can swap providers. Public witness is the key requirement." |
| 7 | "Cyber Essentials Plus?" | "Cyber Essentials Plus is on the M01 milestone. Application in flight. Realistic 4-6 weeks for issue. We hold basic CE now." |
| 8 | "What's the difference between this and LangChain / LlamaIndex?" | "Those are frameworks. We're a deployment substrate. They help you build one AI app. We help you ship 30+ AI capabilities, audit them all independently, and prove compliance to a 3-letter agency. Different layer. Different procurement gate." |
| 9 | "How does this work with classified data?" | "Until SC cleared, OFFICIAL only. Once cleared, the same substrate handles OFFICIAL → SECRET with a key-management swap. We're not rewriting for classification. The compliance envelope changes; the architecture stays." |
| 10 | "What if NATO requires a different standard?" | "The OSCAL SSP auto-generator emits NATO STANAG 5635-compatible controls alongside UK JSP 936 / US NIST AI RMF. One substrate, multiple jurisdictions. The Buyer specifies which control families they care about." |
| 11 | "How does the 33-agent BFT actually work? Can one person game it?" | "Each agent is an independent decision loop with a different policy load. They share a common message bus but no shared secrets. Vote weight is uniformly 1/33 — no agent has more than 7%. The Solana witness makes the vote set publicly verifiable. To game it, you'd need to compromise 11+ agents with independent secrets. That's where bus-factor-5+ comes in." |
| 12 | "What happens after the 90-day pilot?" | "M04 is a decision gate. Three options: (a) terminate with full data export — we hand over everything in 30 days and walk away clean, (b) extend to a 12-month £750k platform contract, (c) scale to a 3-year £2.5-4M multi-buyer programme. You pick. We don't auto-renew." |
| 13 | "Who maintains the substrate after the pilot?" | "MEOK Labs Ltd + the open-source community. Anyone can fork. You can hire your own team to maintain. The substrate is decoupled from us on purpose. We're paid for delivery and ongoing security updates — not for control." |
| 14 | "Defence Sourcing Portal registration — when?" | "Done. We're on the DSP supplier list under company number 16939677. Bid-ready for any DSP-listed opportunity." |
| 15 | "What's the failure mode we should be most worried about?" | "Data residency drift. If a junior engineer redirects an MCP to a non-UK endpoint by mistake, you could violate data residency without realising. We mitigate that with: (a) automated drift detection on every MCP config, (b) immediate alert at the council level, (c) hard-coded default-deny outbound to non-AUKUS endpoints. The substrate fails closed, not open." |
If everything is irretrievably dead, you still have these videos. Each is a pre-recorded, fully-narrated, 90-second screen capture of the relevant demo:
| File | Content | When to play |
|---|---|---|
yorkshire-twin-90s.mp4 | 3D COP of Yorkshire with 12 data layers (AIS, satellites, weather, traffic, defence assets) | "Let me show you what this looks like in production." |
isr-pipeline-yolov8-90s.mp4 | YOLOv8 → OpenAthena → Cesium pipeline. 4-second detection-to-globe latency. | When asked about ISR/C2 backbone. |
swarm-demo-px4-mava-90s.mp4 | 3-drone PX4 swarm coordination via Mava. | When asked about autonomous swarm. |
All 3 are on the desktop, in the USB stick, and pre-loaded on the hot-spare laptop. Pull them up. "Let me show you what's already in production." Then re-engage live demo after the video.