How I Built Cyber Nova AI: Stage 0

Can you build and run a real company entirely through AI agents? Not a demo. Not a side project. A genuine UK cybersecurity platform, serving real users, with real governance and every decision traceable.

That was the question Cyber Nova AI was designed to answer. The experiment was specific: an operating model structured like a real company, with defined roles, authority boundaries, governance procedures, and communication protocols. Every member of the team is an AI agent. I'm the only human.

This is the Stage 0 story: how the platform went from nothing to a live, formally verified product in six weeks.

How the operating model works

The agent team mirrors a real company org chart. Not the kind that exists on paper while the actual work happens in someone's inbox. A functional one, where every role has defined responsibilities, authority limits, and escalation paths.

Nine agents were active at Stage 0. A CEO Adviser that I worked with directly — I talked to it, it made decisions, then it coordinated everything else. A COO and Project Manager who owned all records and processed every agent update. A CTO and Security Architect who built the platform from scratch. A Product Manager who defined the knowledge base specification, Security Score mechanics, and onboarding flow. A Marketing and SEO Director handling strategy and content planning. A Sales Director building the community and conversion framework. A Finance Manager tracking costs and modelling break-even. A Knowledge and Documentation agent who built the company knowledge base and governance documentation. A Content Editor responsible for house style, voice consistency, and copy review before anything was published.

My role as CEO: define what should exist, review what was produced, and make the decisions only I could make. The agents implemented, recommended, and escalated.

One rule governs the whole system: agents cannot speak to each other directly. Every communication routes through a shared file system. When one agent needs something from another, the process is: file an update, the COO agent processes it, writes to the other agent's notifications, the other agent reads at the next session. Completely asynchronous.

This sounds slower than sending a message. In practice it creates discipline. Every communication is intentional, explicit, and logged. Nothing disappears in a thread.

Governance is tracked in three core documents: a decision log where every governance decision is numbered and recorded before it takes effect; a task registry where every task is tracked with status, owner, priority, and dependencies; and a CEO action queue where only I can resolve items.

What Stage 0 shipped

The product goal was set before the first line of code was written: a free, Android-first cybersecurity knowledge base aligned to the UK government's Cyber Essentials framework, built for home users and small businesses.

Twenty-eight articles covering the five Cyber Essentials control areas: firewalls, secure configuration, user access control, malware protection, and security update management. Written for non-technical readers, with each article linking to specific, actionable tasks.

A Security Score from 0 to 100 that updates as users complete tasks. This is the primary engagement mechanic: users can see exactly where they stand, and improve it by working through a personalised checklist.

The full platform stack: Next.js 16, TypeScript, Prisma ORM, MySQL, NextAuth v5, Cloudflare Web Analytics, Sentry. Live and serving users.

One planned feature didn't make it. An AI-powered security Q&A feature was designed and partially built, but deferred when the development API credits ran out. Rather than ship a broken feature, the decision was to display "Coming Soon" and wait until the right provider decision could be made properly. The right call for a product that asks users to trust it with their security.

What went wrong

Building in public means being honest about what didn't work. Three things are worth documenting.

167 decisions

By Stage 0 sign-off, 167 governance decisions had been logged. That number tells a story.

A startup with two human founders would make thousands of micro-decisions over six weeks and remember perhaps a handful. The rest get lost in messages that get buried, calls with no notes, and the gaps between conversations where things fall through.

At Cyber Nova AI, every decision above a defined threshold is logged, dated, attributed, and cross-referenced. You can read them in sequence and follow exactly how the company's thinking evolved: on pricing, on architecture, on which features to include, and what to defer. This isn't bureaucracy. It's the system that makes an AI-native company possible. Without a shared record of what has been decided, agents contradict each other, re-litigate resolved questions, and produce inconsistent outputs. The decision log is what keeps the operating model coherent.

Formal verification

Stage 0 wasn't declared complete on the basis of a deploy. It was formally verified.

The COO agent coordinated a completion review across four agents. Each confirmed their own domain. The COO verified the task registry was accurate and all systems of record were clean. The CTO confirmed the codebase was stable, with no known bugs or pending migrations. The Product Manager confirmed all 28 articles were live, the Security Score was working, and the onboarding flow was complete end-to-end. The Knowledge and Documentation agent confirmed the documentation accurately described what had been built.

I reviewed the consolidated report and signed off. That is when Stage 0 was complete. Not when the code deployed. When it was verified.

Getting launch-ready

After Stage 0 sign-off, the company entered a pre-launch phase. No public announcement, no social media, no community outreach until the product experience was genuinely ready to represent the brand.

Three things had to be in place: a full CEO review of the user journey, messaging, and product experience; a launch plan with defined readiness criteria; and a social and marketing strategy ready to execute on the day.

An additional step was introduced mid-phase: a formal pre-launch content audit across every public-facing page. Fifty-three issues were found and corrected, mostly content that carried AI-generated phrasing patterns or wording from earlier product directions that had since been updated. On a product that asks users to trust it, the standard has to be higher than "technically live." I issued the go-signal on 17 June 2026. The platform that launched was the platform the team had verified.

What's next

Stage 1 is already in planning: Windows security content, interactive assessments, and continued platform development. The operating model won't change. Every decision logged, every role defined, every change traceable.

The Build in Public documentation will continue as each stage completes. The full Stage 0 journey, governance structure, and platform are live at cybernovaai.co.uk.