Ted Chai
San Francisco, CA
Defense GTM: a Startup Guide
March 2025

The U.S. government spends over half a trillion dollars a year on technology, making it not only the largest, but one of the most consequential buyers in the world. In 2020, the Department of Defense alone awarded around $445 billion in contracts, dwarfing many commercial markets and opening doors for startups to access non-dilutive funding and durable revenue streams.

However, the path to securing these contracts is rarely straightforward. It involves navigating a labyrinth of regulations, budget cycles, and legacy practices that can seem byzantine. This guide dives into the classic acqusition pathways as well as the less-obvious strategies to get your startup’s technology into the hands of Uncle Sam.

Major Acquisition Pathways for Startups

The federal government has a variety of channels through which it works with outside companies. Below is an exhaustive list of major acquisition channels – the full menu of how a startup can get its technology funded, tested, or purchased by a U.S. defense agency. For each, I’ll explain how it works, the pros and cons, and what types of startups are the best fit.

1. SBIR/STTR Grants (Small Business Innovation Research / Tech Transfer)

What it is: SBIR and STTR are grant programs for small businesses to perform early-stage R&D that aligns with government needs. 11 federal agencies participate. SBIR is often called “America’s Seed Fund” – collectively these agencies award over $3 billion annually to small firms​. The program is structured in three phases: Phase I (feasibility study, typically ~$50K–$250K for ~6–12 months), Phase II (prototype development, ~$750K–$1.5M+ for 1–2 years), and Phase III (no set funding – this is where your tech transitions to commercialization)​. SBIR is a grant competition: agencies release problem statements and solicit proposals. If your proposal wins, you get a funded contract to develop your solution. STTR is a variant that requires partnering with a research institution – it’s slightly smaller in scale but meant to transfer basic research out of labs into commercial use​

Why it exists / How to use it: SBIR/STTR is often the easiest first touch with government for a startup because it’s only open to small businesses – you won’t compete with Raytheon or IBM here. It’s also non-dilutive funding that doesn’t require an established product, as it’s explicitly for prototyping and R&D. DoD’s SBIR in particular is the largest, with components of the Army, Navy and Air Force each running topic solicitations throughout the year​. If awarded, you essentially have a funded contract to build your product.

Pros: SBIR/STTR provides non-dilutive funding and a preliminary stamp of credibility. It lowers the barrier to entry because the process is somewhat streamlined compared to full open contracts – agencies know startups need a simpler on-ramp​. SBIR awards are also legally sole-source eligible for follow-on work – meaning if you develop something under SBIR, any agency can award you a Phase III contract non-competitively to further develop or produce it. This is a golden ticket if you play it right, as it bypasses the usual competition rules. The SBIR program also protects your IP/data for a period – the government can’t disclose your technical reports to competitors, etc. Many successful defense tech companies started with SBIR funding to build early versions. For example, ZeroEyes, an AI startup, received an Air Force SBIR Phase II to adapt its gun-detection software for base security, and Icon, 3D printing company, leveraged USAF SBIR funding through the STRATFI program to scale its tech.​

Cons: A significant challenge with SBIR funding is its low transition rate to sustainable revenue and product adoption. According to a 2023 study presented at the Naval Postgraduate School:

  • Only 16% of DoD SBIR companies advanced to Phase III contracts over the past decade.
  • Of these, 61% earned less in Phase III revenue than their combined Phase I/II funding, resulting in a negative ROI.

Additionally, a small fraction of companies—just 5%—received nearly half of all SBIR funding, yet few transitioned successfully into lasting defense solutions. SBIR timelines typically extend six months or more from proposal to initiation, complicating financial planning. Primarily supporting early-stage R&D, SBIR may not suit companies aiming for immediate government sales, underscoring its limitations in bridging prototypes to sustained production.

Best fit for: Deep tech or foundational science-oriented startups that need funding to develop a proof-of-concept or prototype. It’s also great for pre-seed stage companies that might struggle to find product-market fit commercially but can find a DoD customer with a matching problem. Many university spinouts go the STTR route to get grants in partnership with their university labs. However, SBIR is less suited for pure SaaS companies that already have a MVP.

2. OTAs (Other Transaction Agreements)

What it is: Other Transactions are flexible contracting authorities that federal agencies use to obtain R&D and prototypes outside the normal FAR procurement rules. An OTA is legally not a standard contract, grant, or cooperative agreement – it’s literally an “other” agreement not subject to many federal laws that apply to contracts​. This freedom lets the government negotiate terms more like a commercial contract. OTAs gained popularity because they bypass some of the bureaucratic hurdles of FAR-based contracts: for example, they aren’t subject to certain protest rules or cost accounting standards. In practical terms, OTAs often take the form of a consortium-based model: companies join an OTA consortium in a technology area, say, drones or medical devices. The government can then issue calls to the consortium for prototype proposals, and select one or multiple members for an OTA award.

Why it exists / How to use it: OTAs were created to attract “non-traditional defense contractors”, i.e., companies that don’t typically do government business, by offering a more streamlined and commercial-friendly process​. Startups often fall in this category. For a startup, the OTA route often means less red tape and faster awards. DoD has increasingly relied on OTAs to accelerate innovation – spending through OTAs ballooned in the last decade for everything from hypersonics to AI. To pursue an OTA, a startup usually needs to: identify an OTA consortium or agency using OT authority in its domain (e.g. the Army has an OTA consortium for robotics, the Air Force might have one for space tech, etc.), join the consortium, and then respond to solicitations. Another route is via OTA solicitations like DIU’s CSO – where you don’t need to be in a consortium; you directly pitch to an agency’s call for solutions.

Pros: Speed and flexibility. An OTA contract can be awarded in a matter of months or even weeks, compared to a year or more for a full FAR contract. They also let you negotiate custom intellectual property terms or project structures that are more startup-friendly. OTAs emphasize prototype delivery – so you can get funding to build a pilot, demonstrate it, and if it meets objectives, the government can jump to buying it in quantity. They are also great for forming public-private collaboration: agencies can co-fund a prototype with you or allow multiple parties to work together. Essentially, the government can behave more like a commercial customer under an OTA, making it more accessible for a new venture​.

Cons: Not everything can be an OTA. By law, OTAs for prototypes must be used only for R&D/prototyping purposes, not routine buys – there has to be some innovation. While easier than FAR contracts, they’re not trivial – you still need to negotiate an agreement, and some OT consortia have their own internal processes and fees. Competitive advantage under OTAs can be lower for startups if many big companies also join the consortia and bid – you’re still competing, just under different rules. Lastly, lack of protestability cuts both ways: you can’t easily challenge an agency’s award decision if you lose, which means the government has more latitude – good if you have an inside track, bad if you suspect favoritism.

Best fit for startups: Startups with somewhat more mature prototypes or products that they can quickly adapt to a defense use-case are great candidates for OTAs. For example, an energy tech startup with a novel battery might join an Army OTA consortium to prototype a soldier-portable power unit. Or a drone startup might go through an Air Force OTA to test a new UAV for base security. If your tech area aligns with one of the established consortia, it’s worth joining. If you have a commercial product that could solve a government problem with slight modification, OTAs are a way the government can buy a trial without forcing you through full compliance. Non-traditional, venture-backed tech companies that have something tangible to demo within 3-12 months fit well.

3. DIU Contracts (Defense Innovation Unit)

What it is: The Defense Innovation Unit, or DIU, is a DoD organization explicitly created to bridge commercial tech into the military. DIU operates out of Silicon Valley, Austin, Boston and elsewhere, acting as a matchmaker between startups and military problems. It has a fast-track contracting process called Commercial Solutions Opening (CSO) which is essentially an OTA-based solicitation that runs on startup time. DIU posts broad problem statements (e.g. “AI for Predictive Maintenance” or “Improved Battery Tech for x”), companies submit short proposals, and DIU quickly selects firms to prototype. Contracts are usually awarded as OTAs for prototyping, typically in the $100K–$2M range for initial pilot efforts. If the prototype succeeds, any DoD entity can rapidly award a follow-on production contract to that company through DIU, without a lengthy recompete​.

Why it exists / How to use it: DIU was founded to overcome the Pentagon’s “Valley of Death” – where new tech prototypes languish and never become fielded. For startups, DIU is often the front door into DoD because it doesn’t require you to know the byzantine acquisition system. You can respond to a DIU solicitation on their website (no lengthy formal proposal, usually a slide deck or whitepaper suffices), and if selected, DIU will work with you to negotiate a prototype agreement. They typically aim to award in under 90 days​. Once on contract, DIU acts as your facilitator to find a military end-user and test your solution in real conditions. A big benefit: DIU projects come with a military customer sponsor ready to evaluate your tech. If you prove out value, DIU can flip that into a production deal, using its OTA authority or helping the sponsor do a sole-source.

Pros: Extremely startup-friendly timeline and process. DIU provides non-dilutive capital via pilot contracts that move at commercial speed, often under 90 days to award​. They explicitly seek out venture-backed and commercial-focused firms – meaning you won’t be the only newbie in the room. DIU also helps navigate the bureaucracy for you. They understand both Silicon Valley and the Pentagon, essentially acting as translators. This can save you from rookie mistakes and connect you to the right uniformed champions. DIU projects, being OTAs, come with flexible terms – you might negotiate IP rights that let you sell freely elsewhere. Perhaps the biggest pro is the bridge to scaling: a successful DIU prototype can lead to a multi-million dollar production contract much faster than a typical program. A high profile example is Anduril’s counter-drone system – DIU piloted it and then awarded a 5-year, $99M production OTA that allowed the Army, Air Force, Navy, and Marines to directly buy the system​.

Cons: DIU’s model largely ends at prototype; you still need buy-in from a service branch to get a sizeable contract. In other words, DIU can open the door and even hand you a follow-on vehicle, but it’s up to the broader DoD to walk through and fund scaling. If your prototype doesn’t immediately wow the end-users or align with a budgeted need, you risk an “innovative demo” that doesn’t translate to revenue: the dreaded pilot purgatory. DIU also prioritizes companies that can secure outside funding – if you have zero other traction, it may be tougher. Some startups also note that DIU’s broad area focus means you have to educate the DoD customer on why your tech matters; it’s not like responding to a very specific RFP where requirements are known. Finally, DIU contracts are typically for prototypes under ~$2M – if your tech requires $10M+ development, DIU might not cover that.

Best fit for startups: Dual-use tech startups that already have a product with commercial applications and want to adapt it for defense. If you’re a Series A–C company with a real product-market fit in the private sector or at least a working pilot, DIU is ideal to get a quick military test and early revenue. Examples: an AI analytics company applying its platform to satellite imagery analysis for DoD, or a battery startup repurposing its EV battery for Army vehicles. DIU tends not to fund pure basic research – you need something deployable within 12-24 months. Iif you’re in one of DIU’s priority areas (AI, space, autonomy, advanced manufacturing, cyber, energy, etc.), definitely keep an eye on their solicitations. Even if you don’t see a perfect fit, DIU allows open submissions – you can pitch them anyway via their website, and if a fit arises, they may reach out​.

4. AFWERX / SpaceWERX / NavalX / Army Applications Lab

What these are: These are the innovation hubs or outreach arms of the military services. AFWERX is the Air Force’s innovation cell, NavalX is the Navy’s innovation and small business catalyst, and Army Applications Laboratory (AAL) plays a similar role for the Army. These organizations run programs to connect startups with problems in their respective services. SpaceWERX (under AFWERX) focuses on Space Force needs. NavalX helps naval programs work with small companies and even manages the Navy’s SBIR program​. AAL issues broad problem statements to invite novel solutions for the Army.

Why they exist / How to use them: The military realized that purely relying on traditional RFPs wasn’t bringing in the best products, so these innovation units were set up to scout technology, run prize competitions, hackathons, accelerators, and streamline small contracts. As a startup, engaging with them can mean participating in pitch days, tech demo events, and tailored programs. For instance, AFWERX periodically holds “Challenge” competitions in specific areas like base security and pilot training where winners might get funding or SBIR contracts. AFWERX also spearheaded the Air Force’s use of SBIR “Open Topic,” which essentially says “pitch us any dual-use tech that could benefit the Air Force” – a huge departure from narrow SBIR topics. Selected startups get a Phase I SBIR to talk to Air Force customers; if those conversations bear fruit, the startup can get a Phase II SBIR (~$750K) to prototype for a specific Air Force end-user. This model essentially turned SBIR into a venture-style process for the Air Force, resulting in hundreds of contracts to startups that never would’ve thought to work with DoD. AFWERX also runs the STRATFI/TACFI programs (Strategic and Tactical Funding Increase) which provide matching funds to SBIR companies that attract private investment – effectively doubling your VC money with government funds to push you from prototype to procurement​.

Pros: They provide a much-needed concierge service for startups to navigate a big bureaucracy. Through AFWERX/SpaceWERX, etc., you can access end-users (pilots, sailors, etc.) relatively easily – something that normally could take months of cold calls and gatekeepers. These hubs also often have accelerator-like events: e.g., the Army’s AAL has run “problem days” and taken cohorts of startups through a residency to learn the Army’s needs, which can culminate in pilot contracts. Another pro: many of these efforts come with rapid funding. The AFWERX SBIR process, for instance, goes from proposal to contract in a few months, and they issue dozens if not hundreds of awards each cycle – it’s not a long shot; they actively want many winners. They also help with the transition – AFWERX and AAL have folks whose job is to find a long-term program of record for successful prototypes.

Cons: The innovation hubs themselves usually don’t own big procurement budgets. This means after the initial flurry of activity, you still have to secure a Program of Record or other enduring funding. Many startups enjoy the AFWERX or NavalX experience only to hit the classic valley of death: no clear path to scale into a real deployment. Another con: these programs can be overwhelmingly crowded. AFWERX Open Topic, for instance, had hundreds of companies funded – standing out to get that next contract requires hustle on your part. Also, because they cast a wide net, sometimes the quality bar for initial awards is modest, but the bar to transition is very high – meaning many Phase IIs won’t go further. In short, lots of seeds are planted but fewer flowers bloom. Startups should be aware that a $50K Phase I or even a $750K Phase II is just step 1 of maybe a 5-step process to real revenue.

Best fit for startups: If you’re an early-stage company that has never worked with DoD before, these innovation ecosystem programs are an excellent starting point. They are designed for companies that are new entrants, maybe with a commercial customer or two, and want to explore defense use cases. Even very small startups have won AFWERX or AAL contracts. Just be ready: you should have enough runway to ride through multiple phases; It might be 6-12 months of pilots before bigger contracts. Also, be prepared to network heavily– the onus is still on you to meet as many potential military stakeholders as possible during these programs. Companies that succeed here often devote a founder or bizdev lead to act as the government liaison full-time.

5. GSA Schedules (General Services Administration Multiple Award Schedules)

What it is: The GSA Schedule, now called the Multiple Award Schedule or MAS, is a giant government-wide contracting program managed by the General Services Administration. Think of it as an approved catalog of products and services that agencies can buy from easily. When a company “gets on GSA Schedule,” it negotiates a base contract with GSA that lists what it offers with set prices and terms. Then any federal agency and some state/local entities can place orders under that contract without running a full open procurement. GSA Schedules cover everything from IT services and software to furniture to scientific equipment. Over $45 billion per year is spent through GSA MAS​. Essentially, it’s a sales channel: GSA acts as the middleman pre-certifying vendors, so buyers trust that process.

Why it exists / How to use it: Agencies like using GSA schedules because it streamlines purchasing – they can skip a lot of paperwork since terms & pricing are pre-competed. If you want to sell a standard product, say a SaaS subscription or a hardware device, widely across the government, getting on a GSA Schedule can be key to unlocking those sales. To use it, a startup must apply to GSA with a detailed offer: you’ll provide pricing, show past performance, and agree to abide by various federal T&Cs. Once awarded, you’re granted a 5-year MAS contract and your company and products appear on GSA’s online shopping site GSA Advantage. Agencies can buy from you via a simple Purchase Order against the schedule, or run mini-competitions among schedule holders.

Pros: The GSA Schedule can dramatically shorten the sales process once you have it. Instead of each agency doing a full RFP and you negotiating separate T&Cs each time, any federal buyer can just issue a task order or purchase order off your GSA contract. It’s been described as having an Amazon-like catalog for government – ease of ordering is a huge plus. It also reduces competition in practice: if you’re one of only a few companies on schedule for a certain product, an agency might only solicit those schedule holders. Another benefit is credibility – being on GSA means you went through a vetting process, which signals to cautious government buyers that you’re a stable, vetted vendor.

Cons: The process to obtain a GSA Schedule is time-consuming and somewhat onerous for a startup. You typically need at least a couple years of operations or equivalent proof of responsibility, unless you use the Springboard exception, and some revenue to show. GSA will negotiate your prices down – you have to be careful to set a price list that you can live with for all government customers, potentially for years. They also impose compliance requirements: you must track and report sales through the schedule, pay a fee of 0.75% of sales, and ensure you don’t give better prices to some other customer without offering the same to GSA. It can feel like an inflexible arrangement if you’re iterating pricing in a dynamic market. Additionally, just because you’re on schedule doesn’t guarantee sales – you still must market and reach customers. It’s best used when you already have some traction or at least strong marketing pipeline in government, not as a “if you build it, they will come” situation.

Best fit for startups: More mature startups with a productized offering that can be sold and delivered as is to multiple government customers. Enterprise SaaS companies often pursue Fed/SLED markets via GSA once their product is stable and they have a few federal deals under their belt. For example, a cybersecurity SaaS that has a couple agency clients might get on GSA to expand across DHS or DoD offices more easily. Generally, if you find that multiple agencies show interest in your product, and contracting officers keep asking “are you on GSA?”, that’s a sign to get on it. If you’re earlier-stage, it might be premature to invest in GSA – better to get an initial contract through SBIR/OTA, then use GSA for scaling repeatable sales.

6. BAAs (Broad Agency Announcements)

What it is: A BAA is a type of solicitation used for research and development contracts. Unlike a specific RFP that has a detailed specification, a BAA is broad – an agency announces areas of interest and invites proposals for innovative ideas. BAAs are governed by FAR 35.016 and are used when the government wants basic or applied research, not a defined requirement solution. For example, DARPA, Office of Naval Research, and other research arms frequently use BAAs to ask for cutting-edge research proposals (like “new materials for hypersonic vehicles” or “AI approaches for multi-domain operations”). If the agency likes your proposal, they can make one or multiple contract awards under that BAA. BAAs typically remain open for a long window and may have general “open topics” where proposers can suggest any idea in the agency’s mission space​.

Why it exists / How to use it: The BAA process is meant to encourage innovative ideas by being less prescriptive. It’s used when “the government desires new and creative solutions, and will accept varying approaches”. For a startup, responding to a BAA is similar to applying for a grant or writing a pitch: you submit a whitepaper or proposal describing your novel solution to one of the BAA topic areas. If there’s interest, the agency might request a full proposal or invite you to pitch. BAAs are common in defense for things like DARPA programs or Air Force Research Lab calls. They allow agencies to fund things that aren’t already proven, hence normal procurement wouldn’t work since there’s no set product yet. Many BAAs function like a competitive grant program – highly technical, peer-reviewed by scientists. The reward is typically a contract or an OTA to do the research.

Pros: BAAs are flexible and open-ended. If you have a unique technology or approach that doesn’t fit into any narrow solicitation, a BAA gives you the latitude to propose it. Agencies are looking for out-of-the-box solutions here. Startups can leverage BAAs to get substantial funding for R&D – often larger dollars than SBIR. For instance, a DARPA BAA program might award you $1–$5M if you propose a solution that aligns and you’re selected. Importantly, since BAAs are for research, the government is generally more willing to accept risk of failure; they know not every idea will pan out, so it’s a chance to pursue high-risk, high-reward tech.

Cons: Responding to BAAs can be labor-intensive, with no guarantee of return. These are competitive solicitations often receiving many proposals from top researchers and companies; A startup might be up against MIT or Lockheed Martin’s lab in a BAA competition. The proposals usually require significant technical detail and a well-articulated work plan – effectively like writing a research grant. BAAs are also primarily for research outcomes, not immediate product deployment. So if your goal is a near-term sale or pilot, a BAA might be too far upstream. It could take years from a BAA project to something deployable, and you might have to go through a transition (like a Phase III) to actually sell the product.

Best fit for startups: Early-stage tech startups with a strong scientific innovation at their core, especially those that emerged from academic research. If your startup is turning cutting-edge research into a product, then BAA funding can be an ideal way to fund that research while retaining ownership. For example, a quantum computing startup might seek a BAA contract from the Air Force Research Lab to advance a quantum device or a biotech startup might get a DARPA BAA award to develop a novel therapeutic that has military relevance. Companies that have a longer runway and are comfortable in an R&D environment do well here – e.g. those backed by grants or deep-pocket investors who are fine with R&D contracts as a path to validation. In sum, BAAs are best for deep tech startups who essentially act like research organizations on the road to productization.

7. IDIQs (Indefinite Delivery, Indefinite Quantity Contracts)

What it is: An IDIQ is a type of contract vehicle that doesn’t specify a fixed amount of work upfront, but rather allows the government to order as needed over a period of time. It’s essentially a hunting license – you win an IDIQ award, often given to multiple companies for the same scope, and then you compete for specific task orders or delivery orders under that umbrella​. The IDIQ contract itself sets the general terms, a scope of work, and a maximum value ceiling, but the actual work is defined in each order. For example, the Army might have an IDIQ for “Cybersecurity Services” with 10 companies on it, and whenever a Army unit needs a cyber project done, they issue a task order request among those 10, then pick one to perform that task. Many large DoD programs are procured via multi-award IDIQs or GWACs (Government-Wide Acquisition Contracts) which are a type of IDIQ open to all agencies.

Why it exists / How to use it: IDIQs streamline repetitive buying. Instead of doing a full contract competition for every new need, the government pre-competes the IDIQ, then just issues quick task orders thereafter. For companies, getting on a big IDIQ can mean a steady pipeline of opportunities without full open competition each time – competition is limited to IDIQ holders, a reduced pool of rivals​.

For a startup, winning an IDIQ contract often requires going through a competitive RFP. This can be tough because incumbents and large integrators love IDIQs and have proposal teams for them. However, there are also SBIR Phase III IDIQs – if you have a successful SBIR tech, an agency can award you your own IDIQ contract to sell that tech or related services across the agency, which is a powerful commercialization vehicle.

Pros: Being on an IDIQ means you are an incumbent in a closed universe of vendors for that agency’s needs. Task order competitions are generally faster and simpler than full contract competitions – often just a brief proposal or quote. If it’s a single-award IDIQ, even better: you’ve basically locked in a customer for all their needs in that scope. IDIQs also can run for many 5-10 years, giving a long runway of potential work. For a startup, capturing even a small slice of a large IDIQ can be game-changing revenue. Another pro is that IDIQs can serve as contracting vehicles for other customers – e.g. if you hold a GSA or NASA SEWP contract, other agencies might route orders through it to reach you.

Cons: Winning a spot on an IDIQ is akin to winning a big contract – it can be a heavy lift. The solicitations often require demonstrating significant past performance, strong financials, and detailed technical volume – areas where early-stage companies might score poorly. It can be resource-prohibitive to pursue a major IDIQ solicitation without a proposal team. Also, if it’s multi-award, winning the IDIQ doesn’t guarantee any revenue. You still have to out-compete other holders on each task order. Some companies become “IDIQ ornaments” – they tout being on a vehicle but never win any tasks. Another downside: big IDIQs can be indefinite in timing – sometimes you win, but initial orders are slow to come, so you invested all that effort for a trickle of work. IDIQ work also can suffer from the feast or famine issue: you might suddenly need to staff up to deliver a large task order, then have lulls.

Best fit for startups: Startups typically don’t target big multi-award IDIQs as prime contractors in their very early years, with the exception of SBIR Phase III sole-source IDIQs, which are uniquely accessible if you have SBIR success. However, once a startup has a few government projects done, pursuing certain IDIQs can be strategic. Niche IDIQs or small-business set-aside IDIQs are more within reach. For example, the Air Force might have a small-business IDIQ for R&D support in a specific lab – a tech startup could win that by highlighting its specialized expertise.In general, startups should consider IDIQs when they are aiming to become a long-term supplier in a category of goods/services to the government. If you intend to achieve Palantir-level contracts, you will eventually need to play in the IDIQ/GWAC arena because that’s how agencies prefer to buy at scale.

8. Sole-Source Set-Asides (8(a), SDVOSB, HUBZone, etc.)

What it is: The federal government by law tries to channel a significant portion of contracting dollars to small businesses, and even more specifically to certain socioeconomic categories of small businesses. These include:

  • 8(a) Small Disadvantaged Businesses (companies owned by socially and economically disadvantaged individuals)
  • SDVOSB (Service-Disabled Veteran-Owned Small Businesses)
  • WOSB (Woman-Owned Small Businesses)
  • HUBZone businesses (located in historically underutilized business zones).

To achieve goals for awarding contracts to these groups, agencies can do set-asides – meaning only those businesses can compete – or even sole-source awards, where a contract is directly given to one qualified small business without competition. Under the 8(a) program, a contract up to $4.5M for services or $7M for manufacturing can be sole-sourced to an 8(a) firm if the agency deems that firm capable​. Similarly, a contract up to $4M can be sole-sourced to an SDVOSB or HUBZone firm. The government has targets like 5% of contract dollars to 8(a) firms and 3% to SDVOSBs, so there is real motivation for contracting officers to use these programs.

Why it exists / How to use it: Once certified, you can market yourself to agencies as an 8(a) or SDVOSB ready for direct awards. Often this involves meeting agency small business offices and contracting officers, letting them know your capabilities. Particularly the 8(a) program is powerful – agencies love using 8(a) sole-source for expediency, because competing full and open can take longer. An 8(a) award can sometimes be done very quickly if the firm is in the program and the SBA (which oversees 8(a) contracts) approves it.

Pros: If you qualify, this is arguably the simplest way to win contracts – no elaborate proposal, just you and a willing agency doing a deal. For instance, a fresh 8(a) tech startup could get a $2M development contract from an Army lab in a matter of a couple months because the Army can justify that they need to meet 8(a) goals and your tech looks promising. These awards are typically low paperwork – contracting officers just have to ensure price fairness and may ask for a quote/proposal, but it’s not a formal source selection. It’s also protected business: once you have a sole-source, you’re the incumbent and often can get follow-on work.

Cons: You must meet the eligibility criteria. These programs are for majority-owned and controlled by the disadvantaged person – so if you’re a typical VC-backed startup with diverse ownership, you might not qualify, unless your founders fall into these categories and maintain control, which can be tricky with equity dilution. Over-reliance on set-asides can be a crutch – some companies graduate from 8(a) and then struggle to compete normally.

Best fit for startups: Startups that have a founder who qualifies as disadvantaged or a veteran with service disability, or are in a HUBZone area. Many successful government tech contractors started as 8(a) – it gave them a platform to grow quickly. If you’re in that position, absolutely leverage it. The key is networking: use SBA resources, attend small business contracting events, and highlight both your tech and your eligibility. This pathway is also great if you want to bootstrap via revenue instead of raise VC – many 8(a) firms grow large on government revenue alone. If you do have venture funding, ensure your ownership structure doesn’t jeopardize the status (51%+ owned and controlled by the qualifying person).

9. FedRAMP Certification (for Cloud/SaaS Companies)

What it is: FedRAMP stands for Federal Risk and Authorization Management Program. It’s not a contract vehicle, but rather a security certification framework that any cloud service must have to be used by federal agencies. Essentially, FedRAMP provides a standardized cybersecurity assessment – if your cloud software passes FedRAMP with an Authority to Operate (ATO), all agencies can trust that your solution meets baseline security. It was created so that each agency doesn’t have to individually vet the security of cloud systems. FedRAMP has different impact levels (Low, Moderate, High) depending on the sensitivity of data. Most business SaaS targeting government need FedRAMP Moderate. The process involves a rigorous audit by an accredited third party and sponsorship by a federal agency or the Joint Authorization Board.

Why it exists / How to use it: As the government embraced cloud computing, FedRAMP became mandatory for any cloud service storing government data. If you have a SaaS product and want federal clients, at some point they will ask: Do you have FedRAMP ATO?” If not, one agency might do their own ATO for you, but broader adoption will be stymied. Using FedRAMP means:

1. Build your product to meet the required security controls (which map to NIST 800-53 standards – a 400+ item security checklist​

2. Go through readiness assessments

3. Find an agency sponsor willing to review and grant an ATO or go through the Joint Board process

4. Maintain continuous monitoring and reauthorization yearly.

Pros: For cloud startups, FedRAMP is the key to unlocking scalable SaaS sales in government. Once you achieve it, you join an small group of only a few hundred vendors. It becomes a marketing differentiator – many agencies will only consider FedRAMP-authorized solutions for certain needs. FedRAMP can also enable crossover sales – if you do it, not only civilian agencies but also state governments or critical industries might trust your security more, as FedRAMP has become a gold standard beyond federal.

Cons: It is expensive and time-consuming – a famously painful process for startups. It can take 6-12+ months and easily cost $500K-$2M when you factor in hiring consultants, upgrading systems, paying the 3PAO auditor, and dedicating engineering time to go through FedRAMP Moderate. This is a heavy investment for an early-stage company. Additionally, the maintenance is continuous: you have to maintain strict security operations (patching, logging, incident response, annual audits). If you slack, you could lose your ATO. Many startups find they essentially need to hire a full-time security/compliance team to handle FedRAMP ongoing.

One more caution: If your product involves handling highly sensitive data (classified, or military secret), FedRAMP alone is not enough – that goes into DoD IT and classified system accreditation, which is beyond FedRAMP.

Best fit for startups: Cloud software startups targeting enterprise use by government agencies. If you’re offering a SaaS that federal users will log into or that hosts government data in the cloud, you will eventually face FedRAMP. A general rule: if your SaaS deals with controlled unclassified information (CUI) or any mission data, FedRAMP Moderate is needed; if it’s purely public data or low-impact, FedRAMP Low might suffice.

Startups that have raised some capital and have at least one or two federal customers in pilot who are willing to sponsor a FedRAMP push are ideal candidates. If you’re a two-person startup, FedRAMP is likely out of reach; but if you’re, say, 20-50 people with a solid product and a couple of gov evangelists, you can tackle it. It helps to align it with your commercial security roadmap too, as many FedRAMP controls overlap with SOC2, ISO27001 – so you can knock out multiple compliance needs.

10. CRADAs (Cooperative Research and Development Agreements)

What it is: A Cooperative R&D Agreement (CRADA) is a partnership agreement between a federal government research facility and a non-federal partner (business, university, etc.) to collaboratively work on R&D. Under a CRADA, no money changes hands from the government to the partner, but the government can provide personnel, facilities, equipment, intellectual property, etc., and the partner can provide the same to the government side​. It’s authorized by law (15 USC 3710a) to spur tech transfer. For example, a startup might sign a CRADA with an Air Force laboratory to jointly test a new material – the lab provides access to testing equipment and scientists, the startup provides the material samples and data, and both share results.

Why it exists / How to use it: CRADAs were set up to leverage government labs’ immense resources and expertise to help commercial innovation and vice versa. Government labs have unique test ranges, wind tunnels, supercomputers, etc., and world-class researchers. A startup can use a CRADA to get access to these facilities or knowledge that would be hard to get otherwise. In return, the government might further its mission by advancing research or gaining insight into the startup’s technology. Importantly, CRADAs allow both sides to protect IP – any new inventions can be assigned or licensed according to the agreement, and the company’s proprietary data can be protected for up to 5 years​. CRADAs are relatively straightforward to put in place compared to contracts – often just an agreement signed by the lab director and the company, outlining the scope of collaboration, who contributes what, and how intellectual property and publications are handled.

For a startup to use a CRADA, you typically identify a government researcher or lab interested in your technology and mutually agree there’s benefit in working together. Then you approach the lab’s technology transfer office to execute the CRADA.

Pros: CRADAs are fantastic for early-stage tech validation and developing your product with government experts. You can gain access to expensive facilities or unique datasets at no cost. For instance, a startup developing a new rocket material could CRADA with NASA – NASA lets them test in a rocket engine facility, the startup gets invaluable data, NASA learns about a new material. It’s a win-win. The government typically cannot give funds in a CRADA, but they give in-kind resources, which could be worth lots of money. CRADAs are far easier to set up legally – they’re usually standardized agreements that don’t require the same competition or FAR clauses, since it’s not a procurement​.

Cons: No direct funding – a CRADA is not going to pay your bills or keep the lights on. You have to fund your side of the research. Because no money flows, sometimes priority can be lower – the government folks are doing it in addition to their funded projects, so scheduling and attention might ebb and flow. Another con: you often have to share results and possibly IP. If you invent something together, the government lab may want joint patent rights or at least royalty-free use, which could complicate your IP strategy.

If what you really need is a contract to build something for the government, a CRADA can’t substitute – it’s strictly for R&D collaboration, not acquiring a product or service. So after a CRADA, you’ll need to find a different path to sales. There is also a risk of alignment – make sure the CRADA work aligns with your product roadmap and isn’t just a science project that distracts you from commercial development. Finally, not all agencies use CRADAs equally; they’re most common in science-heavy orgs (NIH, DOE labs, military labs). You have to find the right lab and champion, which takes networking.

Best fit for startups: Hard-tech and deep-tech startups that can benefit from government R&D capabilities. If you’re in aerospace, biotech, advanced materials, energy, telecommunications – any field with strong federal labs – a CRADA could be extremely useful. For example, a biotech startup might do a CRADA with an Army infectious disease lab to test a drug on dangerous pathogens, getting access to bio-safety level 4 labs they’d never otherwise get. Or a robotics startup might CRADA with an Air Force test site to try their drones in unique environments.

Even software companies can use CRADAs, say to access a large government dataset or co-develop an AI model with a lab that has subject matter experts. It’s particularly great for proof-of-concept and testing. You should have some technical capability to bring to the table – labs aren’t interested if you’re expecting them to do all the work; it’s about collaboration.

In short, a CRADA won’t pay you, but it can drastically accelerate development and build relationships. Many startups use CRADAs as a stepping stone: develop or validate tech side by side with government, then when it’s proven, use that success to get a procurement contract or commercial customers. For deep tech startups, CRADAs are a highly recommended tool to de-risk tech and ingratiate yourself with the ecosystem.

11. Production Contracts (FAR-Based Procurement)

What it is: This refers to the traditional way the government buys fully developed products or large-scale services, governed by the Federal Acquisition Regulation (FAR) and its agency supplements. “Production contract” in defense often means a contract to produce and deliver a system at scale. More generally, FAR-based procurements cover everything from buying 1000 units of a gadget to awarding a 5-year IT services contract to deploying a system worldwide. These are the standard competitive contracts most think of – involving RFPs, source selection boards, possible bid protests, etc. They can be fixed-price or cost-reimbursable, among other types, and come with the full array of clauses like termination rights, data rights clauses, etc.

For startups, the relevant context is when you move beyond prototypes/pilots and are selling a solution ready for wide use. At that point, an agency might issue a procurement to acquire your product/service for operational use.

Why it exists / How to use it: At some point, if DoD or any agency wants to buy your product in quantity or establish a long-term service, they usually must do a FAR-based procurement, unless they can justify sole source. Using it means competing – you’ll see a solicitation on SAM.gov or similar, you prepare a detailed proposal, and go through a source selection. If you win, you get a contract that is often much larger than any pilot – this is where the dollars scale beyond tens of millions.

Production contracts in defense might follow from successful prototypes. For example, you had an OTA prototype with the Army – now the Army issues a formal RFP to procure 500 units of the system for deployment. Sometimes, thanks to laws like FASA (Federal Acquisition Streamlining Act), if you developed something commercially or via an OTA/SBIR, the agency can directly negotiate a sole-source production contract with you—this is how some SBIR Phase III work, or follow-ons to OTAs can transition. But often, for big buys, they still compete it.

Pros: Scale and revenue – this is the endgame where the real money is. If you win a large production contract, you might suddenly have 8 or 9 figures of bookings and a multi-year stable income. It’s what turns a startup into a major government supplier. Being awarded a competitive FAR contract solidifies your credibility in the market. Also, such contracts can sometimes be sole-sourced if you’re the only one who can do it, as the government has exceptions like “Only One Responsible Source” for follow-on work.

Cons: Red tape and compliance are at their zenith here. FAR contracts come with requirements like certified cost and pricing data, audits, potential penalties if you fail to deliver, and lots of oversight. You’ll need a robust internal infrastructure: accounting compliant with government standards, supply chain that meets things like Buy American Act or specialty metals regulations, and cybersecurity compliance. The sales cycle for these can be very long – sometimes the RFP is delayed, protests can add 6-12 months delay, etc. And if you lose, it can be a lot of sunk bid effort.

Once you win, you become subject to potential public scrutiny – big contracts get noticed by GAO, Congress, incumbents who lost, etc. A misstep can result in negative attention or even contract termination. For small companies, cash flow can be an issue: many production contracts are fixed-price with milestones, meaning you spend money to build then get paid when you deliver – you must finance the work in the interim, though you can negotiate for progress payments. Also, fulfilling a production contract often means ramping up manufacturing or service delivery rapidly – execution risk is high. If you fail to deliver on a major contract, it could severely hurt your reputation or even lead to legal consequences like being default-terminated or debarred, in worst cases.

Best fit for startups: At this stage, you’re not really a startup in the classic sense; you’ve become an emerging growth company or mid-tier gov contractor. Typically, startups that reach production contract phase have either:

  1. followed the pathway of SBIR/OTAs -> successful pilots -> compelled the government to contract them for deployment, or
  2. have a truly unique commercial product that the government directly procured.

To navigate this, you likely need some government contracting expertise on board – many startups by this point bring in a Head of Federal Sales or COO familiar with FAR contracts, or partner with a larger firm.

In summary, the production/FAR-based path is the goal for those who want to become long-term federal suppliers, like Palantir eventually getting Program of Record contracts or SpaceX winning the GPS launch contracts. It’s best for startups that have proven their product, have a competitive edge, and are ready to scale operations and compliance to enterprise level. Ensure by the time you go for these that you’ve shored up on compliance (get that accounting system in order, get CMMC-ready, etc.). For those that do succeed, FAR production contracts can cement your company’s position in the defense ecosystem for years to come.

12. Subcontracting to Primes (Partnering with Major Contractors)

What it is: Instead of selling directly to the government, you can partner with a prime contractor (like Lockheed Martin, Boeing, Northrop Grumman, Raytheon – or large system integrators like Leidos, SAIC) and provide your product or service as a subcontractor on their government contracts. Primes often have massive multi-year contracts and are required to subcontract a portion to small businesses. As a sub, you’d negotiate a contract with the prime, who then delivers the end product to the government. The government might not be in privity of contract with you, but you’re still contributing to a federal program.

Why it exists / How to use it: The federal procurement ecosystem has long recognized that small businesses and innovators should be involved, but sometimes the projects are too large or risky to award to a small firm directly. Hence, primes leading big projects will shop for niche capabilities from smaller companies. For a startup, subcontracting can be a lower-barrier entry: you don’t have to deal with the government’s contracting bureaucracy as much; the prime does that. You typically need to market to primes: identify programs where your tech could fit, approach the prime’s team or their Small Business Liaison Officer, and pitch to be included either in their proposal or as a post-award addition.

Pros: Easier win – getting a sub deal is often simpler than winning a prime contract, since you bypass a lot of the burdens of federal contracting. It’s a great way to get experience and past performance with reduced risk. You still get to work on important programs and get funding, but if something goes wrong, the prime buffers the relationship with the government. Primes often handle a lot of compliance – for instance, the prime might have the secure facility or clearance, and you operate under that if needed. Cash flow can be easier: some primes offer prompt pay or even advance materials, whereas government might pay slower. Many small businesses grow by being the go-to niche provider for a big prime across many programs.

Importantly, for hardware or complex systems, being a sub is often the only realistic way to participate. If the DoD is buying a new fighter jet system, a startup might supply a specialized component rather than try to build a whole jet. That still can be very lucrative long-term; Imagine being the supplier of a critical sensor on every F-35, for example.

Cons: You are one step removed from the customer. The government end-user might not even know your company’s name; all glory flows to the prime. The prime could also potentially take advantage of your tech – e.g., you might worry about IP leakage. While primes sign agreements to protect your IP or give you subcontracts, there’s always a risk that they learn from you and later develop a competing solution in-house or switch to another vendor.

Another con: margin – primes typically take a cut. The government pays them, they pay you. They might try to squeeze your pricing to improve their profit. Also, primes often have bureaucracies of their own. Some are notorious for slow subcontract negotiations or payment delays, even though legally they must pay within a certain time after they are paid.

Best fit for startups: Very often, hardware and deep tech startups find subcontracting the easiest initial mode. If you make a novel component, hooking up with a major system integrator as a supplier is logical. Software startups also do it when their product is a piece of a larger solution – e.g., you have a great analytics engine but it needs to plug into a prime’s platform for the Air Force. If your business model is B2B, think of primes as just another enterprise customer.

Startups that are not yet ready to prime a contract can use subcontracts to build track record. In fact, many contracting officers will suggest to an unproven startup, “maybe you should team with a prime on this,” rather than risk awarding directly.

To pursue this, research major defense contractors in your space and their programs. Many have supplier portals or attend small business events. Also utilize the SBA’s directory of prime contractors with subcontracting plans​. One proven strategy: get a Phase II SBIR, develop something unique, then show it to primes who work in that area – they may sub you on a Phase III or include you in proposals as a differentiator (“we have exclusive access to X startup’s technology in our bid”).

In summary, subcontracting is best for startups who: have a component technology rather than a full system, or who prefer not to deal with direct government contracting burdens initially, or who want to leverage a big partner’s scale to get into a program. It’s a common and often necessary approach in defense – after all, the big five defense firms control a large share of dollars, so finding a way into their supply chain is often essential.

Tactical Recommendations

Having an overview of the pathways is one thing; executing a government go-to-market strategy is another. Here are concrete recommendations and insights to help you decide where to focus and how to succeed in selling to the federal market:

Choosing the Right Pathway for Your Startup

Not every startup should pursue every pathway. It depends on your product’s maturity, your company’s resources, and your strategic goals:

  • If you’re pre-product or very early-stage (TRL 3-5): Consider SBIR/STTR and CRADAs first. These will fund your R&D and give you access to users without the pressure of delivering a finished product immediately. They’re effectively paid customer discovery and development. For instance, a robotics startup in concept phase might do SBIRs with the Army’s Robotics lab to prove out their idea.
  • If you have a prototype (TRL 6-7) and need operational feedback: OTAs, DIU contracts, and AFWERX programs are great. They can get your prototype in the field quickly. These programs come with funding plus invaluable end-user interaction to iterate your product.
  • If you have a market-ready product (TRL 8-9) or a commercial product with government applicability: Then look at direct procurement routes. Could you sell via a GSA Schedule or a direct FAR contract? Or is it better to team with a Prime to integrate your product into a larger system? For instance, a cybersecurity appliance startup with a finished product might first pursue a subcontract with a big integrator for a DHS deployment, while simultaneously getting on GSA Schedule to make future sales easier.
  • If you’re a deep-tech hardware startup needing significant capital for development: Try a hybrid approach: SBIRs/BAAs for R&D funds and engagement with primes for future production. E.g., a space startup could use SBIR money to develop a component and have a CRADA with an Air Force lab to test it, while also pitching to a prime like Northrop to use that component in a satellite program.
  • Leverage your unique advantages: Are you eligible for 8(a) or other set-asides? If yes, that could override other considerations because an 8(a) sole-source can get you a contract now that funds development simultaneously.
  • Align with budgets and timelines: Programs like SBIR and AFWERX Open Topic are cyclic and frequent, so they’re good if you need something this year. BAAs and OTAs can be rolling. Big FAR contracts often align with fiscal year planning – agencies might release RFPs in Q3 for award by end of Q4, so plan ahead. If you know you’ll be ready to scale in two years, start engaging the Program of Record folks now so they can program funds for you in a future budget.
  • Don’t choose just one if you can manage multiple: The most successful defense startups often layer pathways. They’ll do SBIRs to fund R&D, use OTAs/DIU to get pilot contracts, and simultaneously start FedRAMP or compliance prep in anticipation of production. They may subcontract on a program to get revenue while also doing a direct SBIR Phase II. This multi-track approach can be resource-intensive, but it maximizes your shots on goal.

Understanding Sales Cycle and Timeline Expectations

Government sales take time – often much longer than commercial. You need to calibrate expectations internally and with investors. Here are some timeline considerations:

  • Quick wins (3-6 months): DIU projects and AFWERX Open Topics can sometimes contract in this timeframe​. Small SBIR Phase I awards too (~3 months from solicitation close to award is common). OTA consortia prototype awards might be 2-4 months after proposal. These are about as fast as it gets.
  • Moderate timeline (6-18 months): SBIR Phase II from start to contract can be ~6-8 months (proposal, selection, contracting). An 8(a) sole-source could be done in a few months if you find a willing program. Traditional BAAs might take 6 months to evaluate proposals and award. FedRAMP readiness typically takes ~12 months to achieve authorization, if you have a sponsor helping.
  • Long haul (18-36+ months): Full program of record integration – if you need the Pentagon to create a budget line for your product, that can be 2-3 years (the PPBE process means if they love you today, earliest funded procurement might be two fiscal years out). Large competitive contracts from RFP to award can easily be 1-2 years, and then protests can add another 6 months.
  • End of Fiscal Year blitz: the U.S. federal fiscal year ends Sept 30. Often in August/Sept, offices scramble to spend leftover funds. This is prime time for quick contract awards if you’re ready. We’ve seen startups get a surprise contract in September because an agency had say $500k remaining and could justify a sole-source for some innovative tool. But you need to have engaged that agency earlier in the year so that when they’re looking to spend, they think of you.
  • Phase transitions: Plan the gap between phases. SBIR Phase I (typically 6 months) to Phase II (another proposal, 3+ month gap) – have other work or bridging funds to cover that gap. OTA prototype (maybe 9-12 months project) to production – plan that the follow-on production contract might not start immediately; sometimes a gap or additional testing happens.
  • Investor communication: Educate your investors that government deals have different pacing. Many startups have hit turbulence when, say, a VC expected exponential commercial-style growth, but the startup was in a 12-month trial with DoD that would only later convert in year 2. Show a pipeline with realistic timelines and milestones in between.

Compliance and Regulatory Considerations

Operating in the federal/defense space comes with a web of regulations. Compliance is crucial – ignoring it can disqualify you from deals or even get you into legal trouble. Here are key areas and how to address them:

  • ITAR and Export Controls: If your technology is related to defense, you need to know if it falls under ITAR (International Traffic in Arms Regulations) or the less strict EAR (Export Admin Regulations). ITAR controls defense articles and technical data – for instance, many space and missile technologies, night vision, certain software encryption, etc. If under ITAR, you must prevent non-US persons from access to that tech without a State Dept license​. This affects hiring (foreign nationals on the team need licenses or cannot access sensitive projects) and collaboration (no sending technical info abroad). From day one dealing with defense tech, put an ITAR compliance program in place: classify which data is ITAR, mark it, restrict it. This might be as simple as using project folders that only certain cleared employees can access. If unclear, consult export lawyers. Violations are serious and can include fines or jail.
  • Cybersecurity (CMMC/NIST 800-171): DoD in particular now requires contractors with any Controlled Unclassified Information (CUI) to meet CMMC (Cybersecurity Maturity Model Certification) at Level 2 for most, which aligns with NIST SP 800-171 controls. This includes things like multi-factor authentication, audit logs, access controls, incident response plans. It’s essentially best practices in cybersecurity that a tech startup should do anyway.
  • Contracting Compliance: Once you start signing federal contracts or subcontracts, a host of clauses kick in:
    • FAR/DFARS clauses: Read the ones in your contract. For example, DFARS 252.204-7012 mandates you follow NIST 800-171 (the CMMC precursor)​. FAR 52.204-21 is basic safeguarding. There are clauses about reporting cyber incidents within 72 hours if you suspect breach of DoD info – you need a plan for that.
    • IP/Data Rights: Understand the different levels: Unlimited, Government Purpose Rights (GPR), Limited/Restricted. Typically with SBIR, you keep full rights and gov gets SBIR Data Rights (they can use internally but not share with third parties for a period). With OTA, you negotiate – try to retain commercial rights. If doing a FAR contract, push for at least GPR not unlimited if you’re providing something at your expense. Use lawyers who know gov IP if a big contract is on the line.
    • Financial compliance: If you get cost-reimbursable contracts or certain progress payments, you might need a Defense Contract Audit Agency (DCAA) approved accounting system. Many startups avoid cost-type contracts for this reason. But if you go that route, you might need to use an accounting system like Deltek Costpoint or have a very disciplined QuickBooks setup to segregate costs by contract, track indirect rates, etc. For fixed-price prototype work, this is usually not needed – they pay milestone amounts, and you manage internally.
    • Facility Clearance and Personnel Clearances: If your work becomes classified, you’ll need a Facility Clearance (FCL) for your company and cleared personnel, which a government sponsor must initiate for you. This is a whole process with Defense Counterintelligence and Security Agency (DCSA). As a startup, you can’t just apply – you need a government or prime to sponsor you based on a classified contract need. Getting an FCL can take months or a year, so plan accordingly.
  • Ethics and Procurement Integrity: Know the boundaries. When in procurement (after RFP release), you can’t talk to evaluators about the proposal outside official channels. Don’t give government folks anything of value beyond trivial amounts (no lavish dinners – ethics rules cap gifts at ~$20). These may seem obvious, but tech startups sometimes don’t realize taking a DoD client out to a common event can actually violate ethics rules.
  • Contract Performance Compliance: Deliver what you promise, on time. If you need a change, get it in writing via a contract modification – don’t just assume it’s ok to pivot deliverables because the technical POC said “sure, that sounds cool” – the contract is with the contracting officer officially. Manage expectations and document changes.

It’s true that compliance can be a tax on innovation, but it’s also a moat. If you master ITAR, CMMC, FedRAMP etc., you are far ahead of any would-be competitor who tries to break in without that. Bureaucracy can be competitive advantage.

Case Studies

Here we highlight a few startups that successfully broke into the defense market. Each took a different route, faced obstacles, and offers insights into our discussed pathways and tactics.

Case Study 1: Anduril

Background: Anduril, founded in 2017 focused squarely on defense and building a product (an AI-enabled surveillance tower and drone system called Lattice) before having a contract, then offering it to solve an urgent problem. They heavily used OTAs and non-traditional pathways. By 2020, Anduril was deployed with US Border Patrol for surveillance and with DoD for counter-drone missions.

Pathways Used: Anduril leveraged Other Transaction prototypes and DIU opportunities. In 2019, they participated in DIU’s counter-drone prototype solicitations. Their system performed well in “meritocratic test events,” leading DIU to award Anduril a $99 million production OTA contract in 2021 to supply counter-UAS tech across the armed services​. This OTA effectively made it easy for any DoD unit to buy Anduril’s towers and drone interceptors​. Anduril also engaged directly with end-users – e.g., Marines in the field evaluating their gear – to iterate quickly. By using OTAs, they avoided long FAR contracts and got money to continuously improve the product. In parallel, Anduril kept raising substantial venture funding, giving them capital to do things like build a loitering munitions product on their own dime, which then positioned them for even larger contracts, like a ~$1B counter-drone system deal with SOCOM in 2022.

Case Study 2: Orbital Insight

Background: Orbital Insight, founded 2013, is a geospatial analytics company that uses AI to derive insights from satellite imagery (e.g., counting cars in parking lots to indicate retail activity). They were very much a dual-use company: serving finance and commercial customers, but also valuable to defense and intelligence. They took early In-Q-Tel investment and won multiple SBIRs and DIU contracts to adapt their commercial platform for government needs.

Pathways Used: Orbital Insight participated in Air Force SBIR Open Topic rounds, winning Phase I and II contracts to apply their product to Air Force geospatial intel needs. They also got a DIU contract in 2016 in the space portfolio for analyzing satellite imagery for DoD. By having commercial business, they could partially self-fund development, but SBIRs gave them non-dilutive funds to add features for government. Orbital Insight’s platform ended up being used by both DoD and investors – a true dual-use success.

Case Study 3: Scale AI

Background: Scale AI, founded 2016, provides AI training data and data labeling services using a mix of automation and human workforce. Seeing DoD’s emphasis on AI, Scale targeted defense as a growth area. They won a notable $24M contract with the Air Force/NGA under Project Maven in 2023 to provide data labeling services​.

Pathways Used: Scale AI engaged via Broad Agency Announcement/CSO type solicitations related to Project Maven. The National Geospatial-Intelligence Agency ran a competition for large-scale data labeling; in mid-2023, Scale AI was awarded a $24M contract to provide those services as a bridge contract for Maven​. This suggests they used the new Commercial Solutions Opening (CSO) authority that JAIC and CDAO have to bring in commercial AI companies quickly. Scale AI also built credibility by publishing and participating in federal AI advisory roles – their CEO Alexandr Wang served on DoD’s AI advisory board.

Conclusion

The mission is clear: America’s strategic fitness relies on industry stepping up to solve real problems—faster, smarter, and better than ever before. The government is not just another customer; it’s the highest-stakes proving ground for invention that truly matters. The door is open, and the stakes couldn’t be higher. If your startup has the tech, ambition, and drive, the U.S. government is ready to be your best customer.

Linkedin
ted@recall.ai