
Services
Due Diligence — Technology & AI
Founders, Investment Committees and Acquirers need a defensible read on the technology, the tech debt, the IP moats, the AI claims, and the security posture of the target. Buy-side, sell-side, or pre-exit — the format adapts to who you are answering to. We open the model layer where others tick a box; every finding cites its evidence; every engagement carries the Managing Director's signature.
Two ways in — the automated screen you run yourself, or the white-glove engagement. A Firstlight finding steps up into an engagement; the statement of work scopes the floor.
Firstlight — Automated Due Diligence

A tool-led, automated technical screen. You run it; the report comes back in minutes, not weeks. It inspects architecture and code quality, the AI read (what is real, what is wrapper), security posture and multi-tenant isolation, documentation and operational maturity — automatically, with light human QA — against the same scoring rubrics and red-flag taxonomy our engagements use. Seven artefacts per run: an executive summary; technical findings with file-and-line citations; a remediation workbook; AI-agent fix scripts; a code-quality report; an audit trail; a JSON export. A cheap first signal before you commission a white-glove engagement — and a Firstlight finding can step straight up into one.
Four tiers:
Free — one assessment a month; three artefacts; watermarked. The "is this worth a closer look" signal, at no cost.
Daylight — five assessments a month; all seven artefacts; no watermark.
Meridian — twenty-five assessments a month; multi-seat; the AI-agent fix scripts.
Apex — unlimited assessments; SSO; sovereign self-host; a named customer success manager.
Self-serve at firstlight.millwater.consulting.
Deal-grade Due Diligence
MWC as the technology and AI partner in your diligence — commissioned where the automated screen flags enough to warrant a white-glove read, or where the deal demands the depth from the start.
How it works — 2–4 weeks per engagement.
Architecture and code-quality review.
AI and data-asset inspection — what is real, what is wrapper.
Security and compliance posture assessment.
Key-person risk and integration / standalone analysis.
Scalability assessment.
Output — a deal-grade memo covering:
Architecture and code quality.
AI and data assets.
Security and compliance posture.
Key-person risk.
The work needed to integrate or stand alone post-deal.
A remediation plan if you proceed.





