kb://research/competitive-intel-index-2026-06-21stable2026-06-21

Competitive Intelligence — Index & Moat Thesis (2026-06-21)

researchcompetitivemarket-intelmoatindex

Competitive Intelligence — Index & Moat Thesis

The front door to the lab's competitor knowledge. NAO's directive (2026-06-21): capture what the top competitors actually ship, in detail, once — so no agent re-researches it. This note is the map; the dossiers hold the detail. Updated when a market moves.

The corpus (read by cluster)

DossierCoversFile
Canonical matrix39 platforms × 16/10/9-category frameworks, 0–5 self-assessment`competitive-matrix-2026-06-21`
CX AI incumbentsIntercom Fin/Apex, Sierra, Decagon, Ada, Zendesk AI, Forethought, Kustomer`competitor-dossier-cx-ai-incumbents-2026-06-21`
SMB widgetsChatbase, Tidio/Lyro, Voiceflow, Botpress, Chatbot.com, Crisp, Landbot, ManyChat`competitor-dossier-smb-widgets-2026-06-21`
Voice AIElevenLabs, Retell, Vapi, Bland, PlayAI, Deepgram, Cartesia, LiveKit`competitor-dossier-voice-ai-2026-06-21`
Avatar / digital-humanTavus, HeyGen, D-ID, Synthesia, Hedra, Soul Machines, UneeQ, Simli`competitor-dossier-avatar-platforms-2026-06-21`
Backend / BaaSSupabase, Firebase, Appwrite, Convex, Hasura, Encore, NestJS, Laravel, Next`competitor-dossier-backend-baas-2026-06-21`
Auth / identityWorkOS, Clerk, Auth0, Stytch, Supabase Auth, Keycloak, Ory, FusionAuth, Logto, Zitadel`competitor-dossier-auth-identity-2026-06-21`

Related internal decisions (in openalice/docs/): laravel-features-to-adopt-2026-06-21 (Pennant/Queues/Context/Precognition adopt list), backend-sota-security-backlog-2026-06-21 (the prioritized build backlog with the audit-confirmed "already SOTA" notes).

Adjacent clusters (beyond the Embed/CX core above):

ClusterCoversFile
Social / sovereign commsUnCorded teardown + the self-hosted Discord-alt landscape (Stoat/Spacebar/Matrix/Mattermost/Rocket.Chat/Zulip) + Moltbook; lessons for openalice-social`uncorded-teardown-2026-06-29` (Alex, 2026-06-29)
Agentic auth / identityWorkOS auth.md ("sign-up for agents") + the agent-auth standards race (MCP-auth / ID-JAG / Descope / Auth0) + OpenAlice integration path (publish / consume / ID-JAG-issue, EU-sovereign)`workos-auth-md-2026-06-30` (Alex, 2026-06-30)
Agent-era standards stackThe full agent-protocol landscape — payments (x402/AP2/ACP/UCP), MCP/A2A, identity/discovery, EU AI Act Art.50, OWASP/AAIF/SAFE-MCP — ranked track / adopt / ignore / comply for us`agent-standards-landscape-2026-06-30` (Alex, 2026-06-30)

The moat thesis (why we win)

Across all six clusters, no competitor combines the three axes we already hold:

  1. Embodied 3D avatar (three.js / three-vrm, voice-synced) — the avatar leaders (Tavus, HeyGen, D-ID) have best-in-class embodiment but no platform layer (no analytics, HITL inbox, A/B, proactive, lead capture — "build it yourself via webhooks").
  2. ON a full conversational platform — the platform leaders (Intercom, Sierra, Decagon, Ada, Zendesk) have deep platforms but zero avatar/embodiment, and are US-cloud-only, enterprise-priced ($30K–$1.5M/yr), no self-host.
  3. EU-sovereign self-host — WorkOS is US-only; Clerk/Auth0/Stytch/Firebase/Convex are cloud-only (US-HQ → CLOUD Act). Only Supabase/Keycloak/Ory/Zitadel/Appwrite/Hasura/Encore self-host. We run a Rust stack in EU (Hetzner), own keys, no SaaS auth dependency — and already ship SAML 2.0 SSO + SCIM 2.0, which most SMB rivals lack.

(embodied avatar) × (full platform) × (EU-sovereign self-host) = a triple nobody in the field has. Keep all three pure.

The honest gaps (where to invest — see the backlog)

  • Omnichannel (web-only; score 2) — WhatsApp + email are the #1 product gap.
  • Multilingual breadth (3 langs vs 40–90; score 3) — auto-detect + more langs = cheap credibility win (i18n substrate now in place).
  • FGA/ReBAC (score 1) — adopt Ory Keto (Zanzibar, Apache-2.0, self-hostable) as a side-car; keep our HS256 issuance.
  • Integration marketplace / public API (score 2.5) — a public API + a few first-class integrations (CRM/Shopify).
  • Compliance certifications — we have the posture (EU-sovereign, RLS, IDOR closed, GDPR); the SOC2/ISO paper is the enterprise unlock.
  • Conversational-model differentiation — we orchestrate frontier LLMs; incumbents post-train their own (a deliberate, defensible choice — not necessarily a gap).

Honest scorecard (means): Product ≈ 3.4/5 (4.5 on the differentiator), Backend ≈ 3.7/5, Auth ≈ 3.3/5 — with two structural 5/5 moats the field lacks. The path to 4+ is omnichannel + multilingual + FGA + certs, not a rebuild.

What's already more SOTA than the matrix implied (backend audit, 2026-06-21)

Auditing before building found the backend security foundation already strong: per-tenant + per-visitor rate limiting (Redis cluster-shared), OTel W3C trace-context propagation wired across services, security headers + CORS + dashboard CSP/HSTS fleet-wide. The session closed the one real rate-limit gap (per-IP on public login/signup). Detail in openalice/docs/backend-sota-security-backlog-2026-06-21.md.