Escher · GTM · PMM

Escher GTM Plays

4 signal plays · automated detection · YC W25 + W26 pipeline

GTM alpha is the competitive edge built on data your competitors don't know to look for. Each play is a buying moment detector.

The 4 plays ranked by uniqueness of signal
P1
AI Native
Company is actively using AI coding agents
When a team has CLAUDE.md in their repo, they've already decided AI agents are part of how they ship. That means their codebase is moving faster than their infrastructure can keep up with. Someone is about to feel that pain.

AI moved the risk, it didn't eliminate it. Coding agents didn't reduce cloud complexity. They introduced a new class of problem: agent-generated infra changes to the cloud estate. A PR passes in Claude Code or Augment, no one knows what changed in the cloud because the tool isn't connected to the cloud estate. Agents running in infinite loops burning compute. AI tools with production credentials nobody audited. IAM that was figured out for humans and now needs to be re-solved for agents.
Built
Full automated GitHub scanner. Slug derivation from domain to GitHub org lookup, lists all public repos, checks each for CLAUDE.md. Pre-seeded cache of 36 confirmed companies to protect rate limits. Scored by recency: fresher commit = hotter signal.
Results
20 companies caught
View outreach list
P2
SOC2 Pressure
First enterprise customer or prospect sends a security questionnaire
The trigger. An enterprise customer shows interest. You have a lean team, as many agents as people, and SOC2 lands in your inbox with no prep.

What most find when they go looking. Nothing at all, or a shitty SOC2 from the year before that raised more questions than it answered. Priya opens the AWS console for the first time with security in mind. The S3 bucket their product writes to: public. The IAM user they use for deployments: AdministratorAccess, key created on day one, never rotated, stored in a .env file that got committed to the repo twice. Root account: no MFA. CloudTrail: off. Three security groups with 0.0.0.0/0 ingress she doesn't remember creating.

The trap. Confusing evidence collection with evidence generation. Most automation is just structured collection: a tool pulls an API snapshot instead of a human taking a screenshot. Better hygiene, not a different thing. Vanta and Drata solved collection. That works for configuration-state controls: encryption enabled, MFA enforced, branch protection configured. Process controls are different. Access reviews, change approvals, incident response still depend on human-generated artifacts. Type I friction is mostly gone. Type II ceiling hasn't moved. Early-stage teams also need to know what matters and what can wait. That judgment is domain-specific. HIPAA is not ISO is not SOC2 Type I.

Where existing tools stop. Escher is the bridge between your team and the auditor. Claude Code helps Priya write the fix, draft the policy, answer the questionnaire. The writing gets faster but it starts from what Priya tells it. She still has to go find that out herself. Console, service by service, region by region, reconstructing what exists before she can describe it to anything. The three days become two. The hard part is exactly as hard. That's the gap Escher fills.
Built: three independent checks
01Vanta/Drata trust page: checks trust.vanta.com and security.drata.com. Known false positive rate (~50%) from SPA routing; treat as confirmed only when a second signal agrees.
02Pricing page enterprise tier: fetches /pricing, requires "enterprise" and "contact sales/custom pricing" in actual page content. Reliable, no false positives.
03Own-domain security page: fetches /security, /trust, /compliance, requires 2000+ characters and security keywords (SOC2, HIPAA, ISO 27001, encryption). Content-gated, no noise.
Results
196 flagged · ~15–20 with pricing:enterprise-tier confirmed · top 6 have multiple P5 signals stacking
P3
Live on Prod
Production is live, cloud estate isn't governed
Growing startups hit the same inflection points — cost discovered a week late, over-provisioned access found during an audit, a sudden SOC2 request, a junior engineer asking what permissions to give Claude. These aren't four problems. They're the same problem across four surfaces: AWS Cloud Infra Management, FinOps with infra visibility, IAM for teams and agents, and Sec Ops.
Built
Detection needs to be rebuilt for this framing. Current pipeline runs a 60-day Series A funding signal; that's the wrong trigger. Right signals: pricing page going live with paid tiers, engineering blog announcing production milestone, job postings shifting from founding roles to operational hires.
P4
Scaling Pressure
First infra or GTM hire posted
An infra hire means the founding team has hit the ceiling. Not of knowledge but execution. They know dev environments are idle, they know the bill is off. Identifying the problem is easy. Going through 36 VMs, three regions, seven services to actually fix it is what stalls. The job post is the moment they admit they can't do it alone.

New services, new permissions every day. Every two or three days a new ad hoc request. The tech lead becomes the routing point for the whole team — easy for him, impossible for everyone else. Already using Claude and ChatGPT to manage the ops load, still spending a disproportionate amount of time on it.

A GTM hire (first AE, CSM, Solutions Engineer) means enterprise deals are landing. Now the infrastructure has to work like a real company's.
Built
Checks Ashby, Greenhouse, and Lever public job board APIs (unauthenticated). Detects infra roles (SRE, Platform, DevOps, Cloud Security) and GTM roles (AE, Solutions Engineer, CSM). Founding roles scored highest (+5), GTM = +3, infra = +2.
Results
21 companies caught
Gaps & Clay coverage

What each play is missing, and whether Clay closes it

Play Gap Clay covers?
P4 Companies on Workday, Rippling, or LinkedIn-only are missed ✓ LinkedIn Jobs scraper
P4 No posting date on some ATS systems ✓ LinkedIn enrichment
P3 Detection not yet built for Live on Prod framing; needs launch signal pipeline ~ Partial: Clay Audiences web intent + ProductHunt signals
P2 Vanta/Drata false positives from SPA routing (~50%) ~ Partial: AI page scraping
P2 No G2 enterprise badge check ✓ G2 profile scraping
P2 RSS feed limited to companies with public feeds ~ Partial: news API
P1 Private repos invisible. CLAUDE.md kept internal won't surface ✗ No tool covers this
P1 Doesn't catch Cursor rules files or other AI agent configs ✗ No tool covers this
P1P4 Contact enrichment: names and emails for outreach ✓ Clay + Apollo
All No unified deployment layer across all 4 plays ✓ Clay Audiences: unified signal segments, auto-sequences on signal fire