TX-01 · Offensive
Prompt-injected agents
RAG corpuses, web pages, and tool outputs become attack surfaces. The adversary isn't a person — it's the document your agent just read.
Runtime defense · agent firewalls
Ops Brief · v2 · Accredited investors only
The cap table is the moat.
Buyer money, not smart money.
Oakseed Cyber Leaders Investment Circle is an operator-only investment club for current and recent CISOs underwriting the AI / security frontier — where rogue agents, autonomous adversaries, and model-supply-chain risk are the largest enterprise threat surface of the decade.
01 · Thesis
The defenders writing the budget are the highest-signal capital in the category.
Generative AI is rewriting both the offensive playbook and the defensive stack at the same time. Prompt injection, model exfiltration, deepfake-driven social engineering, agentic attack chains on one side. LLM-assisted SOC, runtime guardrails, supply-chain attestation, AI-native identity, autonomous response on the other.
CISOs are running point on the largest enterprise risk reframing in a decade — and remain the most under-leveraged investors in the category they govern.
Oakseed Cyber Leaders Investment Circle exists to fix that asymmetry.
01
Operator concentration over capital concentration
Membership is kept small enough for substantive discussion. The product is the room, not the AUM.
02
Sourced by Oakseed, screened by CISOs
Oakseed sources, runs technical and commercial diligence, and writes its own check from the fund. Members see a curated 4–6 deal pipeline per month and decide individually.
03
AI / cyber-native, not a generalist landing pad
Every deal sits at the intersection. We pass on adjacent infrastructure that isn't AI-aware and on AI tooling that isn't security-relevant. No exceptions.
02 · The threat we're underwriting
Rogue agents are not a 2030 problem. They are already shipping in production.
The investable surface is the gap between what enterprises have deployed and what they have any meaningful control over. Eight thesis vectors, each one a category we're actively underwriting.
TX-02 · Offensive
Autonomous attack chains
Agentic loops that recon, exploit, exfiltrate, and persist without a human in the keyboard. Continuous, cheap, and personalized.
Adversarial simulation · AI red team
TX-03 · Offensive
Deepfake social engineering
Cloned voice and video defeat the last human-in-the-loop controls. Wire fraud, executive impersonation, hiring fraud at scale.
Liveness · provenance · callback policy
TX-04 · Offensive
Model & weight exfiltration
The crown-jewel data class of the next decade. Side-channel, API extraction, insider routes — all under-instrumented.
Model DLP · watermarking · honeyweights
DX-05 · Defensive
AI-native identity
Non-human identities outnumber human ones 50:1 and most lack lifecycle, attestation, or revocation. The next IAM is for agents, not people.
Agent IAM · workload identity
DX-06 · Defensive
Model supply-chain attestation
SBOM for weights. Where did this model come from, what corpus trained it, what fine-tunes have touched it, and can you prove any of it?
Provenance · signing · registries
DX-07 · Defensive
LLM-assisted SOC & response
Triage, hunt, and contain at machine speed — without handing your runbook to a hallucination. The operator-grade analyst copilot.
Autonomous Tier-1 · case-graph reasoning
DX-08 · Defensive
Runtime guardrails & policy
Output filtering, tool-use policy, data-egress mediation. The control plane that sits between any agent and anything it can touch.
Policy engines · egress brokers
03 · Recent incidents
What the catalog actually says, this week.
The seven most recent additions to the CISA Known Exploited Vulnerabilities catalog. Pulled directly from the US government feed.
Exploit watch
04 · How it works
A monthly meeting, a curated pipeline, individual conviction.
01
Diligence drops
Five business days before each meeting, members receive the data room, deal memo, term sheet summary, and Oakseed's written diligence.
02
The room
One 60-minute virtual meeting. Four to six startups pitch — eight minutes plus four minutes of Q&A. The product is the room.
03
Individual decision
Members commit individually to deals they want in on. Minimum $10K. Deadline 7–10 days after the meeting. No collective vote.
04
SPV close
Each deal closes via its own SPV through Sydecar / AngelList. Pro-rata follow-on rights flow back to participating members.
05 · Membership
The room. Not the AUM.
Eligibility & expectations
E1
Current or recent (within 24 months) CISO, Deputy CISO, CSO, Head of Security, or equivalent leadership role at an organization of meaningful scale.
Accreditation self-certified under Reg D 506(b). Verification at onboarding.
E2
Attend at least 60% of monthly meetings. Live preferred; recorded review with written deal feedback counts.
The room is the product. Show up to it.
E3
Target one investment per club year. No penalty for passing when pipeline doesn't fit.
Conviction over volume. Always.
E4
Maintain confidentiality on all proprietary deal flow. Disclose conflicts of interest immediately upon discovery.
Members in active procurement of a presenting company may not invest until that procurement is closed.
E5
Make yourself reasonably available to portfolio companies for advisory conversations, design-partner intros, or procurement guidance — within your organization's policies.
This is what makes the room worth a founder's allocation.
06 · Investment structure
Tag-along to a priced lead. We're buying signal and access, not control.
Per-member minimum
$10K
The floor for SPV participation in any deal.
SPV target range
$75K — $250K
Aggregate club allocation per deal, sized to the lead's available capacity.
Carried interest
20%
Of SPV profit, after return of invested capital and SPV expenses. Standard syndicate market.
Vehicle
Deal-specific SPV · Delaware series LLC
Sydecar, AngelList Roll-Up Vehicles, or comparable platform. SPV setup fee passed through at cost, capped at 2% of SPV size.
Management fee
0%
None. Operations funded by membership dues.
K-1 delivery
MAR 31
Target annual delivery. State filings are member-side.
07 · Positioning
We are not trying to be the biggest. We are trying to be the room where the most consequential AI / cyber deals get decided early.
Vehicle type
AUM posture
Room size
Thesis focus
CLIC
Generalist cyber funds
$100M+
n/a · GP-led
Broad cyber
Operator room · invitation only
Open AngelList syndicates
Variable
100s of LPs
Mixed
CISO-only · vetted
Corporate CVCs
Balance-sheet
Single-org
Strategic-only
Independent · multi-buyer
Operator-led seed funds
$25M–$75M
GP-led
Operator network
Sourcing partner · AI/security depth
08 · Team
Built by operators who've sat on both sides of the table.
Standing conflicts register maintained and updated quarterly. Any team-affiliated company is presented only with written approval from unaffiliated team members, full disclosure to membership, and recusal of the conflicted partner from sourcing, memo authorship, term negotiation, and economics on that deal.
09 · First-year roadmap
Twelve months. Eight to twelve SPVs deployed.
Months 01 — 02
Charter recruiting
Target the founding cohort filled before first meeting. Charter-cohort terms locked.
Month 03
First pitch meeting
Four to six companies. Five-day pre-read window. SPV mechanics live.
Months 03 — 12
Ten meetings · 8–12 SPVs
Monthly cadence locked. Pro-rata aggregation engine running by month six.
Month 12
Annual review
Portfolio review · governance review · fee and structure review · charter renewal.
Be the cap-table line founders fight to keep.
Charter cohort is being assembled now. Membership is by application and reference; you can expect a response within five business days.