Operator-led offensive security.
Bootstrapped. Optionally raising $250k.
AxVeil is a revenue-generating offensive security firm serving India and MENA. We're running two paths in parallel: a $250k pre-seed for 12-month runway and accelerated platform build, or continued bootstrap. The deck and executive summary below explain both.
Founder career engagements
80+
Live service tiers
3
Live platform tiers
4
Published case studies
3
Round target
$250k pre-seed
Cheque size welcome
$25k–$100k
The pitch in 90 seconds.
Four converging regulations — DPDP, SEBI CSCRF, RBI cyber, EU DORA — entered enforcement in the last 18 months
DPDP Act 2023 (rules rolling out 2024-26), SEBI CSCRF (mandatory from August 2024), the RBI Cyber Security Framework with its 2023 IT Governance refresh, and EU DORA spillover via TLPT obligations on MENA banks transacting with EU counterparties. Every regulated entity now has a calendarised pentest cadence — exactly the demand window where operator-led brands compound.
Named-operator delivery is a defensible counter-position to scanner-PDF resellers and Tier-1 pyramid pricing
Founder Aman Kumar (OSCP, CEH v12, 4+ years senior offensive delivery, 80+ enterprise engagements) personally owns scoping, exploitation, debrief, and the free 30-day retest. Three published case studies anchor the proof: 200+ server government VAPT (~40% exposure reduction), 2000+ server shipping & logistics rollout (~80% risk reduction), 1000+ server MENA banking engagement.
Bootstrapped, revenue-generating service business; pre-seed is optional acceleration not survival capital
AxVeil is already cash-positive on services. The optional $250k buys 12 months of runway and ~24-month optionality with revenue: founder + operator base, MENA + India ABM experiments, contractor-built platform expansion, tooling stack, cyber-liability insurance. The honest framing — 'we're exploring whether capital meaningfully changes the slope' — is the trust play.
Big enough to matter. Small enough to win a real slice.
We don't need a fictional percentage of a giant TAM to build a strong business. The market sizing below is directional — public estimates the deck cites, narrowing to a wedge we size from delivery capacity, not top-down optimism.
A large, regulation-driven testing market
The global penetration-testing market is widely estimated in the low-single-digit billions of USD and growing double digits annually, pulled by breach economics and an expanding regulatory testing mandate. We do not need a measurable slice of this to build a strong services business.
Regulated buyers in two compliance-heavy regions
Our reachable market is regulated entities in India (banks, NBFCs, insurers, market infrastructure, MeitY-procuring bodies) and MENA (banks under SAMA / CBUAE / QCB / CBO), each carrying a calendarised, audit-driven pentest cadence rather than discretionary spend.
What one senior operator + platform can realistically win
Our near-term obtainable market is the slice a founder-operator (plus subcontract and reseller channel) can deliver against without diluting quality — boutique-scale, high-margin engagements where named-operator delivery is the buying reason. We size this from delivery capacity, not from a top-down percentage.
Market figures are directional public-market estimates, not audited internal projections. The full sizing methodology and sources are in the deck.
Services fund the runway. Platform compounds it.
Three revenue layers, two of them live today. The recurring platform layer is what optional capital accelerates — without it, services and channel still carry the business.
Operator-led VAPT
Fixed-scope offensive engagements — external / internal VAPT, web + API + mobile, red-team-style assessments — billed per engagement with a free 30-day retest. Cash-positive today.
Subcontract + reseller
60 / 40 subcontract delivery for CERT-In empanelled primes and a margin-based reseller / referral program extend delivery without proportional sales spend.
Recurring subscription
A continuous attack-surface + scan platform (Pro / Team / Enterprise tiers) is the recurring-revenue layer the optional pre-seed accelerates — contractor-built so services keep funding the runway.
Email-gated download. No drip sequence.
Drop your work email below. The full investor deck (10-slide PDF, A4 landscape) lands in the next click. We don't put strategy documents on the live site — distribution is selective and tracked.
Document
PDF · ~12 pages · A4 landscape
Investor Deck — Pre-seed 2026
Cover, problem, solution, why-now, market sizing, product/service stack, business model, traction, team, and the $250k ask + use-of-funds. Confidential.
Document
PDF · ~2 pages · A4 portrait
Executive Summary — One-pager
Elevator paragraph, what we have today, what we're building in the next 90 days, what could kill us, the ask. For investors who want the gist before the deck.
We'd rather you hear the risks from us.
Every early-stage bet has failure modes. Here are the three we watch most closely and how the model is built to absorb them. The deck and one-pager go deeper.
Key-person concentration on the founder-operator
Subcontract and reseller channels distribute delivery; documented methodology and tooling make engagements repeatable. Capital, if raised, funds a second operator hire early.
Services revenue is lumpy and capacity-bound
The platform layer adds recurring revenue; the channel adds delivery elasticity. We do not raise on a promise of hypergrowth from a services base — the bootstrap path stands on its own.
Crowded, brand-driven security market
Named-operator delivery, reproducible PoCs, and a free retest are a defensible counter-position to scanner-PDF resellers and Tier-1 pyramid pricing — proven out across three published case studies.
No drip. No deck-spam. One reply at most.
Day 0
PDF in your inbox
The download starts in the same browser tab. Deck or one-pager (or both) is yours to read at your pace.
Day 1–3
Single founder reply
If your email looks like a fit (pre-seed cheque writer, APAC GTM, regulated-buyer access), you'll get a short reply from Aman. If not, silence — no automated sequence.
Whenever
Reply directly
Email hello@axveil.com. Founder reads every message; partial-process intros and warm-pass conversations are welcome.
Plain ask.
If you write $25k–$100k pre-seed cheques into operator-led services + platform plays, and your value-add is APAC enterprise GTM or regulated-buyer access, we want to talk. If not, the bootstrap path stands on its own and we'll keep building.
hello@axveil.com · axveil.com · AxVeil LLP, India