A loitering munition launched from friendly territory can drift across a border while searching for targets, spending 10-20 minutes in a neighboring country's airspace before either engaging a target or running out of fuel. Unlike a missile that transits airspace in seconds, a loitering munition's extended presence constitutes a sustained airspace violation that the neighboring country's air defense may detect and respond to. This creates diplomatic incidents that are distinct from a missile strike. This persists because international law governing airspace sovereignty was written for manned aircraft and ballistic missiles, and no legal framework addresses semi-autonomous weapons that loiter in foreign airspace for extended periods with weapons armed.
Real problems worth solving
Browse frustrations, pains, and gaps that founders could tackle.
When a submarine cable breaks, repair requires a specialized cable ship that can locate the break, grapple the cable from the ocean floor (up to 8,000m depth), splice the fiber, and relay it. Only ~60 such ships exist worldwide, most owned by a handful of companies (SubCom, NEC, Alcatel Submarine Networks). After the 2024 Red Sea cable cuts, repair ships were booked 8-12 weeks out. A coordinated adversary attack on multiple cables could exhaust global repair capacity for months. This persists because cable ships cost $200-400M each, take 3 years to build, and the commercial incentive to maintain excess repair capacity is zero because cable breaks are rare enough that operators treat repair as an insurance cost rather than a wartime necessity.
A loitering munition needs a continuous video downlink for the operator to identify targets, plus an uplink for manual guidance corrections. In a contested electromagnetic environment, this link must be jam-resistant (frequency-hopping, directional antenna, spread spectrum), which adds an $8K radio module to a $30K weapon. The radio alone costs 25% of the total weapon. If the datalink is jammed despite these measures, the operator loses control and the munition either crashes or reverts to autonomous terminal guidance (which raises the ROE issues). This persists because jam-resistant radios are expensive because they use defense-grade waveforms with restricted crypto that cannot leverage cheaper commercial radio architectures.
Approximately 500 submarine fiber optic cables carry 95% of intercontinental internet traffic, financial transactions, and military communications. These cables sit on the ocean floor with no physical protection, no surveillance, and no rapid-response repair capability. A single cable cut can reroute an entire continent's traffic through alternative paths that may cross adversary-controlled chokepoints. This persists because the cables are owned by private telecom consortiums that invest in capacity but not security, the ocean is ungovernable space where no nation has enforcement authority over most cable routes, and the cost of physically protecting 1.4 million km of cable is astronomically impractical.
IFF transponders that could prevent friendly-fire incidents are too heavy (200g+) and power-hungry (5W+) for sub-5kg loitering munitions. Instead, fratricide prevention relies entirely on geographic kill boxes -- defined areas where anything moving is presumed hostile. But kill boxes require accurate, real-time friendly force tracking that frequently fails in contested environments where GPS is jammed and radio links are intermittent. This means a loitering munition operator may have outdated friendly positions and engage a vehicle that moved into the kill box since the last Blue Force Tracker update. This persists because miniaturizing IFF to fit loitering munition size, weight, and power constraints requires semiconductor integration that no manufacturer has prioritized.
The Bureau of Industry and Security processes 35,000+ export license applications per year with approximately 400 staff, many using paper-based review workflows and a licensing system (SNAP-R) built in the late 1990s. Average processing time is 45 days, but complex semiconductor cases take 90-180 days. US companies lose sales to allied competitors who face lighter export controls (Japanese and European chip equipment makers). This persists because BIS's budget ($180M) has not scaled with the explosion in technology export controls since 2022, Congressional appropriations for Commerce Department enforcement lag years behind policy ambitions, and hiring export control engineers who understand semiconductor technology at BIS salaries ($80-120K) is nearly impossible when industry pays 3x.
The electro-optical/infrared seeker assembly on a precision loitering munition costs $10-20K -- a miniaturized camera, processing board, and target tracking algorithm packed into a 50g module. This seeker is destroyed on impact along with the $30-50K airframe. Traditional missiles justify expensive seekers because they hit high-value targets (aircraft, ships). A loitering munition destroying a $2,000 pickup truck with a $15K seeker is economically inverted. This persists because seeker miniaturization requires precision optics and custom ASICs that have high per-unit costs at low production volumes, and no commercially available camera module provides the military-grade stabilization and tracking needed for terminal guidance.
RISC-V is an open-source instruction set architecture developed at UC Berkeley that anyone can implement without a license. China has designated RISC-V as a national strategic priority and is building RISC-V chips (Alibaba's Xuantie, SiFive's designs) that are architecturally independent of ARM (UK, subject to controls) and x86 (US, subject to controls). Export controls cannot restrict an open-source ISA because there is no licensable IP to control. This persists because RISC-V was deliberately created as an open standard to avoid proprietary lock-in, and the academic and open-source communities that maintain it operate outside any government's regulatory authority. China adopting RISC-V is a rational response to the demonstrated risk of depending on controllable architectures.
Backpack-portable loitering munitions must weigh under 5kg total, leaving only 300-500g for a warhead after batteries, motor, guidance, and airframe. A 500g shaped-charge warhead penetrates only 30-50mm of steel, insufficient to defeat even lightly armored vehicles (BMPs have 30mm+ frontal armor). Operators must aim for top-attack profiles on hatches and engine decks, which requires terminal dive accuracy that cheap GPS/INS guidance cannot reliably achieve. This persists because physics constrains blast effects at small warhead sizes, and increasing warhead mass means heavier airframes that require crew-served launchers instead of individual soldier deployment.
A US chip design company licenses IP blocks to a Taiwanese fab, which sells chips to a Japanese distributor, which sells to a Shenzhen systems integrator, which builds boards for a company that may or may not be on the Entity List. The US design company has no visibility into where its IP physically ends up after the third distribution hop. BIS holds the US company liable for 'knowledge' of end-use, but supply chain opacity makes genuine knowledge impossible beyond the first customer. This persists because semiconductor supply chains are globally distributed with 5-8 intermediaries between design and end-use, and no tracking system exists that follows individual chips from fabrication to installation.
Ukraine consumes an estimated 3,000-5,000 one-way attack drones per month. US production capacity for Switchblade and similar systems is in the hundreds per month. The industrial base cannot scale because loitering munitions use the same precision components (IMUs, seekers, warheads) as traditional missiles but at 1/100th the price point, so defense primes' production lines are optimized for low-volume, high-margin missile production. This persists because the US defense industrial base was structured around producing hundreds of precision munitions per year (JDAM, Hellfire) at $100K+, not thousands of expendable precision munitions per month at $10-50K. Retooling requires capital investment that primes won't make without multi-year production contracts that Congress hasn't funded.
Venture capital funds typically have 10-year lifespans with returns expected by year 7-8. Defense programs of record from initial concept to full-rate production take 15-20 years. A VC-funded defense startup that enters a major program as a subcontractor will not see meaningful production revenue until after the VC fund has been forced to exit. This timeline mismatch means VCs push defense startups toward faster-return commercial pivots or early acquisition, both of which reduce the startup's defense impact. This persists because defense acquisition timelines are driven by testing, certification, and political cycles that cannot be compressed, while VC fund structures are constrained by LP agreements that cannot be extended.
Current tactical loitering munitions (Switchblade 300, Hero-30) have 15-40 minute endurance. Once launched, the operator must find and engage a target before the battery dies or lose the $50-100K munition. This creates a use-it-or-lose-it pressure that incentivizes engaging marginal targets rather than waiting for high-value ones. In Ukraine, operators report engaging vehicles that turned out to be civilian because waiting for positive ID would have exhausted the munition's fuel. This persists because battery energy density limits flight time, and increasing endurance requires larger airframes that lose the tactical advantage of backpack-portability. No recovery mechanism exists for most loitering munitions -- they are destroyed whether they hit a target or not.
Export controls focus on cutting-edge chips (sub-14nm, AI accelerators) but leave mature-node chips (28nm and above) completely uncontrolled. These mature chips power 90% of military electronics (radar, communications, guidance systems), automotive controllers, industrial PLCs, and critical infrastructure. China is building massive 28nm fab capacity (60+ fabs under construction) that will undercut global pricing, potentially creating a dependency where Western military systems rely on Chinese-manufactured mature chips. This persists because the export control framework equates 'advanced' with 'strategically important,' ignoring that the most critical systems use older technology, and controlling 28nm chips would disrupt global automotive and industrial supply chains that the economy depends on.
A defense startup building dual-use technology (e.g., counter-drone AI that also works for civilian airports) must obtain an export license from DDTC (State Department) or BIS (Commerce Department) before selling to allied nations. License processing takes 4-8 months for ITAR items and 2-4 months for EAR items. Allied customers (UK, Australia, Japan) who want to buy the technology today lose patience and develop domestic alternatives. This persists because the export control workforce has not scaled since the Cold War, the ITAR/EAR jurisdictional split creates dueling bureaucracies, and license officers have no SLA or timeline accountability.
Samsung and SK Hynix operate memory fabs in China that use US-origin equipment. The October 2022 export controls technically required them to stop servicing this equipment, which would shut down fabs representing billions in investment. BIS granted 1-year waivers, then extended them, creating perpetual uncertainty. Neither Samsung nor SK Hynix will invest in expanding their China fabs (reducing future dependence on China) nor can they exit (writing off billions). This persists because the controls were designed to restrict China's access to advanced chips but inadvertently captured allied companies' existing operations, and BIS has no framework for permanently grandfathering existing facilities while restricting new ones.
A loitering munition like Switchblade or Lancet takes off like a drone, loiters like a surveillance platform, then dives like a missile. Different rules of engagement govern each phase -- ISR has one approval chain, kinetic strike has another, and the transition from observation to attack happens in seconds. Operators trained on drone ROE may not have strike authority, and operators with strike authority may not have surveillance training. This persists because existing weapons classification frameworks separate 'unmanned aircraft' from 'guided munitions' as distinct legal categories, and no doctrine framework covers a weapon that transitions between categories mid-mission.
Defense contracts over $2M trigger DCAA audit rights, requiring the contractor to maintain a cost accounting system compliant with CAS (Cost Accounting Standards). For a 15-person startup, implementing CAS-compliant timekeeping, indirect cost allocation, and incurred cost submissions requires $150-300K in accounting software and consultants. A startup winning a $3M OTA contract spends 5-10% of the contract value on accounting compliance before performing any work. This persists because CAS was designed in the 1970s for billion-dollar prime contracts where compliance cost is a rounding error, and Congress has not updated the thresholds or created a simplified standard for small businesses.
China has committed $47B+ through the National IC Fund (Big Fund) Phase III to build domestic semiconductor capability specifically because export controls demonstrated supply chain vulnerability. SMIC is already producing 7nm-equivalent chips on older DUV lithography through multi-patterning, demonstrating that controls create delay but not permanent prevention. The $47B investment may produce a subsidized Chinese chip industry that undercuts Western fabs in mature nodes (28nm+) used in automotive, IoT, and military systems. This persists because export controls are a short-term denial tool being used as a long-term containment strategy, and the economic incentive to develop domestic alternatives grows stronger with every new restriction.
Battlefield footage captured on GoPros, phone cameras, and drone feeds has no cryptographic chain of custody from capture to storage. When this footage surfaces as evidence of war crimes or rules-of-engagement violations, the accused party can plausibly claim the video is AI-generated because there is no tamper-proof provenance trail. The C2PA content authentication standard exists but requires camera hardware support that no military helmet cam or field phone implements. This persists because content authentication was developed for the media industry, military procurement cycles are 5-7 years behind commercial tech, and no NATO standard mandates authenticated media capture for battlefield documentation.
Before any autonomous weapons test involving simulated lethal engagement, military research programs must pass institutional review and legal compliance checks. But no ethical framework exists specifically for autonomous swarm lethality testing -- existing reviews are designed for single autonomous systems with identifiable decision points. A swarm where lethal decisions emerge from collective behavior (no single drone 'decides' to kill) falls outside every existing ethical review template. This persists because ethics review frameworks follow doctrine, and doctrine follows capability development, creating a circular dependency where the ethics review cannot be written until the swarm is tested, but the swarm cannot be tested until the ethics review is approved.
The typical defense startup trajectory is: raise VC → win a few SBIR/OTA contracts → get acquired by a prime at Series B/C before reaching $100M ARR. Since 2018, Lockheed, Northrop, L3Harris, and Anduril have acquired 30+ defense tech startups. Each acquisition removes a potential competitor from the market before it can challenge the prime's incumbency on major programs. VCs encourage early acquisition because defense revenue cycles are too slow for typical VC return timelines. This persists because the defense market has structural barriers to independent scaling (clearances, SCIF, FedRAMP, prime subcontracting relationships) that make acquisition the path of least resistance, and no antitrust framework evaluates defense acquisitions through a competitive innovation lens.
Controlled NVIDIA GPUs are legally sold to distributors in Malaysia, Vietnam, and Thailand, then reshipped to China through shell companies. The transshipment adds $500-2000 per chip in markups but still delivers the hardware. BIS has documented cases of H100s reaching Chinese data centers within weeks of purchase from authorized Southeast Asian distributors. Enforcement requires customs inspection of individual GPU serial numbers, which Southeast Asian customs agencies lack the staff and motivation to perform. This persists because the re-export control framework relies on end-use certificates that are trivially forged, and the US has limited enforcement leverage over third-country customs agencies that benefit economically from the transshipment trade.
Spear phishing against military and defense industry targets traditionally came in broken English or machine-translated text that email filters flagged. LLMs now generate grammatically perfect, culturally appropriate phishing emails in any language, eliminating the linguistic tells that security training taught users to spot. A Chinese APT can now send flawless American English emails referencing specific defense programs. This persists because email security training and detection models were built on the assumption that foreign adversary communications would contain linguistic artifacts, and retraining an entire workforce to detect linguistically perfect phishing requires a fundamentally different security awareness approach that nobody has developed yet.
Conventional military planning uses well-established attrition models (Lanchester equations, Monte Carlo simulations) calibrated against decades of weapons effectiveness data. No equivalent model exists for drone swarm attrition because there is insufficient combat data on how swarms degrade under fire -- do they lose effectiveness linearly with losses, or is there a critical threshold below which the swarm collapses? Commanders cannot plan swarm size requirements without knowing expected attrition rates, leading to either massive over-provisioning (waste) or under-provisioning (mission failure). This persists because swarm-scale combat is too new for empirical data collection, and simulated attrition models have not been validated against real-world swarm engagements.
Other Transaction Authorities were created to let DoD contract with non-traditional defense companies without the full FAR/DFARS compliance burden. In practice, Contracting Officers trained in FAR-based procurement add FAR-like requirements (DCAA-compliant accounting, certified cost or pricing data, CAS compliance) to OTA agreements because they fear audit findings. A startup choosing OTA to avoid FAR paperwork discovers the same compliance requirements attached informally. This persists because COs face personal liability for contracting violations but no consequences for being overly conservative, creating an asymmetric incentive to add requirements rather than streamline.
ASML is the sole manufacturer of EUV lithography machines needed to produce chips at 7nm and below. The Dutch government's export control decisions on ASML equipment effectively determine which countries can manufacture advanced chips. Neither the US nor China has an alternative EUV supplier. A single company in Veldhoven, Netherlands controls the chokepoint of the entire global semiconductor supply chain. This persists because EUV lithography is the most complex machine ever built (100,000+ components, 13.5nm wavelength light source requiring tin droplet plasma), and the 30-year head start plus accumulated know-how creates an insurmountable barrier to entry for any competitor.
Active-duty military personnel post thousands of hours of video and audio to TikTok, Instagram, and YouTube, providing adversaries with high-quality training data for voice cloning and face-swapping models targeted at specific individuals. A platoon leader's TikTok account with 50 videos provides enough data to clone their voice with 95%+ accuracy. This creates a persistent vulnerability where every public social media post increases the deepfake attack surface. This persists because military social media policies are unenforceable (personnel use personal devices on personal time), and the operational security risk of social media content as deepfake training data is not yet incorporated into OPSEC training doctrine.
In a jammed environment where GPS is denied, each drone in a swarm must determine its position relative to other swarm members using only onboard sensors (visual, UWB ranging, IMU dead reckoning). No commercial chip integrates all three modalities with the accuracy needed for swarm formation flying (sub-meter relative positioning at 100Hz update rate). Existing UWB ranging chips (DW3000) achieve 10cm accuracy but only in clear line-of-sight, failing when drones are obscured by smoke, dust, or each other. This persists because the commercial UWB market optimizes for indoor positioning (warehouses, Apple AirTag) not outdoor multi-agent swarm navigation, and the military drone market is too small to justify a custom ASIC.
Defense startups building cloud-based software must obtain FedRAMP authorization before any DoD customer can use the product in production, even for unclassified workloads. The FedRAMP process requires 14-18 months and $1.5-2.5M in third-party assessment, documentation, and remediation costs. A startup with a working product that a combatant command wants to deploy today must tell them to wait over a year for paperwork. This persists because FedRAMP's control baseline (800+ controls for High Impact) was designed for general-purpose cloud infrastructure, not purpose-built SaaS applications, and the process has no proportional pathway that right-sizes assessment to actual risk.