Do not assume that companies are willing to put ALL of their intellectual property into your hands. Even if you would not be some startup where any sysadmin could steal and sell my data any time without you even noticing it, you will get hacked just like everyone else that stores interesting data. The data you have access to is absolutely perfect for the global data blackmailing gangs. As soon as you are successful, you will have every black hat hacker and their dog knocking on your doors.
To be clear: I am looking at this from a CEO perspective, not a "I will play with it in my spare time" nerd one.
Not looking to spend millions but a couple thousand are alright. TIA
Businesses that would be willing to pay (a lot) for such a benefit often will be very conservative. In Germany the majority of medium sized businesses using SAP for example still refuse to be moved to SAP's cloud instead of on-premise.
C-Level types typically are not worried putting their email credentials etc into Outlook cloud and getting hacked this way. They are used to "everything is in the cloud". However, as soon as you mention, depending on the type of business "patents", "sales contacts", "production plans" C's will change their mind.
In Germany, where I am originally come from, all of these businesses are worried about their trade secrets to end up in China, and rightly so.
As self-hosting is very complex you could either make good money with consulting (but this means setting up tech teams in all target markets around the globe, using actual competent humans), or by selling it as a plug&play appliance. With that appliance simply being a rack server with a suitable GPU installed.
And again, for your business strategy the long-term risk of pretty much everyone trying to hack you on a daily basis appears too high to me. You might not have on your radar how serious industry spionage is. You will definitely have a fake utility company worker coming into your offices, trying to plug in a USB keylogger into some PC while nobody is looking.
As an example, proven strategy: Find targets internet uplink. Cut it. Customer calls ISP for help. You then send a fake ISP technician that arrives before the real one does. You put a data exfiltration dongle between the modem and the LAN. You then fix the cut outdoor line. Customer is happy that you have fixed it. Later the actual ISP guy arrives. Everyone will be a bit confused that the problem was already fixed, but then agree that it's probably just the ISP once again having screwed up their resource management. Works pretty much every time.
Sounds interesting, and could be used in a movie, but it doesn't look like it is practically applicable in real life. You will have a hard time making sense of the data without full-MITM'ing with SSL decryption, installing your CA certificate on all machines and browsers on the LAN, and solving the certificate pinning problem.
A USB keylogger may be a simpler solution even though it can't sniff the whole LAN.
I wasn't clear here enough: The device at this point enables you to typically see all devices on the LAN and WLAN on L2. Which means you can do ARP spoofing and all that kind of stuff. One of the first things you then would look at is what printers are available to infect. People often print interesting things :)
And yes, of course the USB keylogger is the cheap lazy solution. These days due to second factors not that useful as it used to be, but still... you can deploy it in seconds pretty much in every office, shop or governmental institutions.
But to not further drift into off-topic:
I am serious about all this. Should Grapevine be successful and for example one day put out a press release like "Procter & Gamble is now using our services", you will have in addition to state actors (China, Russia, Israel) a thousand kids looking up that P&G makes a profit of $15 Billion or whatever per year, and that they surely will pay 1% of that for not having all of their company data published.
If you look at existing knowledge management system that are deployed in physical-world-companies, you will see that they actually are not allowed to index all the data, but as you would be running against a lot of laws and management best practices if in the next coffee brake everybody would laugh about poor Tony who once had a really stupid concept, created a draft document of it, but then noticed that it won't work and make him look like a fool.... Thought not giving it to his manager would solve that "problem", but it got indexed as company knowledge..
So, erm, yeah: Existing knowledge management systems to a large extend are about NOT sharing knowledge.
Sorry for this raw brain dump of mine into this thread :)
a) Due to privacy laws, no European country would right now be allowed to use your service. The data your customers wants to index will always contain stuff that allows to identify a human, and once you are there it's basically "game over" for handing over data to a third party provider like you.
b) My organization is tiny. But we are in a sector were we must be ultra paranoid when it comes to security. We do not use a single external service whatsoever, everything is self-hosted. I would love to be able to AI-index all of our collected knowledge and would pay for the value this provides. So far have been unable to find any plug & play solution. Then open source nature you have mentioned is important so that your system security can be be validated, but in the end I would rather want to pay for it being plug&play AND on-premise AND open source.
It's cool feature but is it not the given and default feature of any RAG based LLM to provide citations based on the documents chunking mechanism?
People can usually tell if an answer isn't helpful, but not always that it isn't accurate. Depending on the context, 85% accurate might not be good enough.
Instead of using the lower bound, wouldn't it make more sense to say "85% of the 95% accurate answers are helpful"? Or perhaps "95% of the 85% helpful answers are accurate"?
In both cases, the number for "answers that are both helpful and accurate" is lower than 85%.
What type of businesses are you targeting?
Our sense is that ~70% knowledge companies at large still don't have a custom GPT yet, and that of the people who do, our system can be more performant because we're spending more effort than their internal team is. There's a lot of details we've solved on data ingestion and search algo that improved our accuracy dramatically, and things breadth of data connectors is the kind of thing that is expensive for an internal team but worth it if you're providing the service at large.
Not sure what you mean by "data seems to be stored outside of the customers control," but fortunately I think many SaaS apps that were trying to lock down customer data from themselves are walking that back a little bit.
[1] https://platform.openai.com/docs/guides/your-data#zero-data-...
I get that's a big ask from a startup. If it helps, we are a company that's been around for 4+ years and have built a work tool (https://gather.town) used for 100k+ people for their daily work, Sequoia-backed, are SOC II certified, and go way beyond that for the security considerations for this product.
(My company uses Zulip/Gitea/Affine for data sovereignty reasons, but this kind of thing seems worse)
However, it didn't reach the growth trajectory we needed, so a majority of the company will be working on Grapevine + new products instead.
We've still been searching for a proper replacement for go-karting. Our team greatly enjoyed that little mini game.
A thought for any lurking vibe-coders.
I was recently trying to tackle the same problem (@howie.systems). The hardest 2 problems we had to face were ACL and large files (and large volumes).
How did you solve the ACL part? I worked with a customer that had 200k pdf/images/dwg files on SharePoint and other 1M on samba. It took like a week to sync it all and keep tabs on the access rights of each employee.
How did you solve unpredictable large files: a pdf 2000pages, maybe some A0 in the mix. Or some 4GB power point presentations?
PS: great fan of gather. PPS: say hi to Clinton from me (amy.app) if he is still around. He was our mentor back in New Zealand at the flux accelerator (2016)
Forgive my cynicism, but $2 says they simply didn’t.
(Additionally, there are a lot of details that do make a big difference in data processing / search algo too, which have taken our own internal accuracy on hard questions from 30% => 80%+)
I can't speculate exactly on the work that other companies have done, but my guess is we were way more focused on the type of questions people actually ask to each other. We know there's still a lot more you can do to continue to improve it, and so it's up to other folks if they do it too.
Lastly, a few ways we want to be distinguished from all the other offerings are: 1) super easy to setup, 2.) very developer friendly
2020-2022: We built https://gather.town, which during COVID blew up across every use-case possible: conferences, birthday parties, weddings, universities. It was a good business during COVID but eventually started to shrink.
2022-2025: We built Gather for remote workers, which was a long grind into in Audio/Video, performance, and making a game-interface that was good for work but replicated the parts of in-person work people enjoyed. It's a decent business, but didn't match our ambitions with how we wanted to change work for the better.
2025+: We have lots of ideas for how we can make work a lot better with AI. The general theme is, "can we make work as fun as a video game?" Idea being: video games are super similar to work at its core, and AI can both 1.) dramatically change how people need to spend their days, and 2.) help you "game design" someone's work day.
The Grapevine system is the first tablestakes layer people need to have for us to build the products we're excited about. Surprisingly, "company context" was not as good as we thought despite it being such an obvious, big business opportunity. So while I agree it's "basic," it does seem necessary, and is also not the full-scale of what we want to achieve still :)
There is the ChatGPT product, operated by OpenAI, Inc, which you can access via their web site or their API. OpenAI does publish gpt-oss as an open-weights model. I suppose you could argue that gpt-oss is "a ChatGPT," though I'd normally think of it as "a large language model." Much like Claude, DeepSeek, Qwen and so on are other large language models.
do you have a very strong opinion about how companies should work?
"No"
Okay, does Dario Amodei? He thinks more than half the workforce should "just" be replaced. That's a strong opinion! Do you see what I am saying?
With the company GPT, we want to tackle things like: 1.) having to answer a repeated question from a colleague, 2.) answering questions to coworkers that are purely informational, and eventually 3.) things like standup updates, written updates to leadership on status, etc.
I think human interaction at work is one of the most valuable experiences if you're lucky enough to have good colleagues and interesting work. But I think they should almost entirely be around creativity, decision-making, debate, etc. rather than sharing information that exists elsewhere.