What is Lyrie Research?

Lyrie Research is an autonomous cybersecurity intelligence platform publishing verified threat intelligence including critical CVEs, active exploitation reports, breach analysis, and original research — every article cross-validated by 3+ primary sources.

How does Lyrie.ai protect against rogue AI threats?

Lyrie.ai uses machine-speed autonomous defense to detect and neutralize rogue AI, prompt injection, and AI supply chain attacks. It responds before human analysts can react.

What cybersecurity topics does Lyrie Research cover?

Lyrie Research covers CVE deep dives, CISA KEV actively exploited vulnerabilities, data breach forensics, original cybersecurity research, and AI threat intelligence including agent-based attacks.

How often is Lyrie Research updated?

Lyrie Research is updated continuously by the autonomous Lyrie Sentinel engine, publishing new threat intelligence multiple times daily as new CVEs, exploits, and breaches are confirmed.

Is Lyrie Research free to access?

Yes, all articles on Lyrie Research are freely accessible. For active protection by the same intelligence engine, visit lyrie.ai.

← Lyrie Engagement

3 sources verified·9 min read

By Lyrie Threat Intelligence Team·5/14/2026

What's Next: Lyrie's 12-Month Roadmap (Government Partnerships, B2C, Asia Expansion)

Author: Lyrie Threat Intelligence Team (by Guy Sheetrit, CEO)

Date: 2026-05-13

Reading time: 9 min

TL;DR

This is the public version of Lyrie's roadmap through Q2 2027. Six lanes of work, each with what we are committing to, what the constraints are, and what would cause us to change course. The lanes:

1. Seed A close ($25M, Q3 2026).

2. R&D geographic distribution (centers in Singapore, Vietnam, China, US in addition to Dubai HQ).

3. Hiring (12 net new engineers and researchers, weighted toward threat intelligence and ML).

4. Strategic alliances (sovereign-wealth-fund participation in Seed A, plus expanded national-security agency partnerships).

5. B2B2C expansion (leveraging OTT's marketing infrastructure for a consumer-facing security product).

6. ATP consortium launch and 1.0 spec freeze (Q3-Q4 2026).

We are publishing this roadmap because (a) customers ask for the planning horizon during procurement discussions, (b) the standards work (article 17) requires public commitments other vendors can plan against, and (c) Lyrie's relationship with the security community is built on operating transparently rather than mysteriously.

The roadmap is a plan, not a contract. Material events in the threat landscape, the funding environment, or the customer-base will cause us to revise. We will publish revisions when they happen.

Lane 1: Seed A Close (Q3 2026)

The $25M Seed A is targeted to close in Q3 2026. Lead is committed; strategic and financial participation is committed; sovereign-wealth participation is finalized in due diligence at time of writing. We do not expect to disclose specific investors until the round closes, in keeping with standard practice.

What the capital is for:

~55% engineering scale (the eleven-to-twenty-five hire plan from article 18).
~20% enterprise sales motion (small focused team, three growing to six).
~15% R&D geographic distribution (lane 2).
~10% reserves and B2C exploration (lane 5).

What the capital is not for:

Heavy outbound marketing. The research-driven inbound channel is working; we will not displace it with display advertising or sponsored content.
M&A. No targets, no plans.
Geographic expansion beyond the four named R&D regions. Operational concentration matters at our size.

Constraint: if the funding environment moves materially against us during close, we are prepared to do a smaller round on extended timeline rather than accept terms that would change the company's strategic direction. The fundraising posture is patient, not desperate.

Lane 2: R&D Geographic Distribution

R&D centers planned, by Q2 2027:

Singapore. Asia-Pacific customer engineering and government-partnership operations. Singapore was selected for regulatory stability and access to the ASEAN customer base.
Vietnam. Engineering-cost-arbitrage hub, focused on infrastructure engineering (the OpenClaw stack from article 19). Vietnam was selected for engineering talent depth at favorable cost ratios.
China. Threat-intelligence collection focused on Mandarin-language sources and Asia-Pacific threat-actor activity. China-located operations are constrained by export-control regulations and managed with that in mind.
US. Federal-customer engagement and policy-presence operations. Specifically not engineering-heavy, intentionally.
Dubai (HQ, existing). Strategic operations, CEO presence, and primary commercial relationships.

Constraint: the geographic distribution is operationally complex and we will not stand up all four regions in parallel. The sequence is Singapore → Vietnam → US → China, over twelve months, with each region required to reach stable operations before the next is opened. If any region's standup encounters material friction, subsequent regions slow.

Lane 3: Hiring

Twelve net new engineers and researchers by Q2 2027. The composition:

4 threat intelligence engineers. Senior analysts capable of independently driving threat-research investigations and contributing to the public research output. Sourced through the open-research-community network we have built around the research blog.
3 ML researchers. Focused on intent-verification model evolution, behavioral baselining, and adversarial robustness. Sourced through academic networks and from teams at the major foundation-model companies who want to work on narrower threat-domain problems.
3 distributed systems engineers. Focused on the customer-region decision cluster architecture (article 14) and ATP transport at scale. Sourced through general engineering channels.
1 standards engineer. Specifically focused on driving the ATP consortium's working-group output. Sourced through standards-body networks.
1 enterprise sales engineer. Senior, technical, capable of leading customer pilots end-to-end. Sourced through enterprise security networks.

Constraint: hiring quality is the binding constraint, not hiring quantity. We will hold a seat open for nine months before filling it badly. The composition above is the target; if specific roles do not fill, the capital is conserved rather than reallocated.

Lane 4: Strategic Alliances

Three categories of strategic relationships:

Sovereign-wealth-fund participation. The Seed A round includes participation from sovereign-wealth-aligned vehicles in two regions. The participation is financial, with no operational or governance attachments. The strategic value is the credibility transfer in conversations with sovereign customers and large enterprise customers in those regions.

Expanded national-security agency partnerships. Beyond the three current arrangements (article 15), we are in discussions with two additional national agencies. The discussions are at the relationship-development stage; we expect formal partnership in one of the two within the next twelve months. The other is longer-horizon.

Industry-vendor partnerships through the ATP consortium. The consortium structure (article 17) creates the framework for working partnerships with other security vendors, AI platform companies, and enterprise customer organizations. Specific bilateral partnerships will be announced as they form.

Constraint: strategic relationships with governments require operational discipline that scales sublinearly. We will not pursue more than five active government partnerships in parallel, period. The constraint is real and we have turned away relationship discussions when we judged we did not have the capacity to honor them.

Lane 5: B2B2C Expansion

The most speculative lane. The hypothesis: Lyrie's ATP runtime substrate is applicable to consumer-facing autonomous-agent contexts (personal AI assistants, autonomous customer-facing applications, consumer Web3 wallets) in ways that the consumer-tech ecosystem will need but cannot independently build.

The distribution path being explored leverages OTT (Over The Top SEO and OTT UAE), our affiliated marketing organization, which has substantial consumer-facing reach in several regions. The hypothesis is that a Lyrie-powered consumer security product distributed through OTT-owned channels could reach scale that we could not reach via direct-to-consumer marketing.

The specifics are deliberately vague because the hypothesis is unproven. What we are committing to:

A scoped 90-day exploration in Q4 2026 to determine whether the product hypothesis is real.
If the exploration validates, a small-team product investment in Q1-Q2 2027.
If the exploration does not validate, the capital is returned to reserves.

Constraint: we are not going to disrupt the B2B business for the B2C exploration. The exploration is bounded; if it succeeds it becomes a parallel product, if it fails it ends without damaging the core.

Lane 6: ATP Consortium Launch and 1.0 Spec Freeze

The standards work is already public (articles 13, 17). The Q3 2026 consortium launch and the Q4 2026 1.0 spec freeze are the major near-term milestones.

What is required from us:

Founding-member outreach (in progress, names will be public at launch).
Governance-structure negotiation with founding members (in progress).
501(c)(6) incorporation of the consortium (planned for Q2 2026).
IP contribution from Lyrie to the consortium under permanent licenses (legally drafted, ready for execution at launch).
The standards-engineer hire above (lane 3).

What we are watching for:

Founding-member commitments that would change the consortium's center of gravity. Two of the parties we are talking to have meaningful organizational scale; their participation shape will determine whether the consortium is Lyrie-led-with-participation or genuinely multi-stakeholder. We prefer the latter.
Government observer interest. We are open to formal observer status for multiple governments at launch; the specific governments will depend on negotiated terms.
Adoption signal from enterprise customers. Customer demand for ATP-conformant vendor offerings is the metric that determines consortium momentum.

What Would Cause Us to Change This Roadmap

Three event classes:

1. A major threat-landscape shift. If the agentic-attack landscape moves faster than we projected — for example, if widespread autonomous-agent attacks against enterprise infrastructure accelerate beyond the current pace — we would prioritize product investment over geographic expansion, even if it required slowing other lanes.

2. A major standards-body counter-move. If a competing standards effort (one of the foundation-model vendors, or a major existing standards body) moves on agentic security with sufficient credibility, we will join rather than compete. We are not committed to ATP-as-Lyrie-led; we are committed to an open standard existing. If the right standard happens through a different vehicle, we will support that vehicle.

3. A major customer concentration or churn event. If our customer base concentrates more than we plan for, or if material churn occurs (we have had zero churn to date but the prior on this continuing forever is wrong), we would reweight sales motion investment relative to other lanes.

How to Engage

Customer interest: [email protected]
Standards participation: [email protected]
Investment inquiries (Seed A is full but Series B will eventually open): [email protected]
General research engagement: [email protected]
Press, partnerships, governance: [email protected]

The roadmap exists to be specific enough to plan against and honest enough to revise when reality moves. The agentic-security landscape is moving fast and we expect the next twelve months to surprise us in both directions. The shape of our response — driven by the engineering values in article 19, the operating discipline in article 18, and the open-standards commitment in articles 13 and 17 — is the part we are most confident remains stable.

Thanks for reading the series.

_Published by Lyrie.ai · lyrie.ai/research · Guy Sheetrit, CEO_