A free AI-powered tool that reviews your Y Combinator application before you submit it. Built by Lobster Capital, a VC fund 100% focused on YC companies with $40M+ deployed across 100+ YC startups.

Is YC Roaster really free?

Yes, completely free — no catch, no upsell. Lobster Capital built this to give back to the YC community and help more great companies get accepted.

How does YC Roaster work?

Upload your YC application (PDF or Word) and you'll receive AI-powered feedback shortly after submission, scored across 7 dimensions — including traction, team, market, and scalability. Applications that show strong potential get matched with a YC alumni reviewer for deeper, personalized feedback.

What kind of feedback will I get?

A scored evaluation across 7 dimensions with specific strengths, risks, and suggestions tailored to your application. It's not generic advice — the feedback is based on what's actually in your application.

Who built YC Roaster and why?

YC Roaster is built by Lobster Capital, a venture firm 100% focused on investing in YC companies. With 100+ YC companies in their portfolio, this is their way of helping more founders put their best application forward. Not affiliated with Y Combinator.

How is this different from asking ChatGPT to review my application?

YC Roaster is built by a team that invests exclusively in YC companies. The AI uses a purpose-built framework across 7 specific dimensions based on insights from reviewing hundreds of YC applications. Strong applications also get matched with real YC alumni reviewers — something no general-purpose AI can offer.

When should I submit my application?

As early as possible. The sooner you submit, the more time you have to get feedback, iterate, and strengthen your application before the YC deadline.

Will everyone get a Zoom call?

Everyone gets AI-powered written feedback. If you're matched with a YC alumni reviewer and they see strong potential, they may invite you for a 1-on-1 Zoom session.

Shai-Hulud Just Hit PyTorch Lightning. Here's the Supply-Chain Answer Your YC F26 AI Application Needs.

This weekend a Semgrep writeup describing Shai-Hulud-themed malicious code inside the PyTorch Lightning AI training library hit the Hacker News front page. By the time most YC F26 applicants saw it, the post had three hundred points and roughly a hundred comments. The story is still developing, but the lesson is not new: AI startups inherit the security posture of the entire stack they sit on, and most founders applying to YC have a vague answer to that question at best.

Supply-chain security is no longer a footnote in your YC application. In May 2026, with multiple widely-reported AI infrastructure incidents inside the past quarter, it is now the question that turns a "maybe" interview decision into a "no."

This is the answer template that has worked for AI infra and AI application founders in W26 and S26, and the version you should rehearse for your F26 interview.

Why supply chain is suddenly the question

For most of 2023 and 2024, the supply-chain conversation in a YC interview was theoretical. By 2026 it is not. The pattern partners are seeing:

A high-trust open source package gets compromised through a malicious dependency or a self-replicating worm-style attack. PyTorch Lightning is just the most recent name on the list.
A model provider changes its terms of service or pricing mid-quarter, breaking unit economics for downstream startups.
An inference platform has an outage that takes a customer-facing product down for hours.

If your YC application or pitch does not anticipate any of these, you look like a founder who has not actually run a production AI system. Partners notice.

The four supply-chain layers you should be able to discuss

A strong applicant in 2026 should be able to talk about all four layers without notes.

1. Model provider risk

This is the layer everyone covers. Be specific. Which providers do you use, what is your fallback, how long would it take to switch, and what is your contractual posture? "We use Claude and we could move to GPT in a week" is not the same answer as "we route through OpenRouter with provider-agnostic prompts, and our largest-cost workload runs on a fine-tuned open-weight model we host ourselves."

2. Open source dependency risk

This is the layer the PyTorch Lightning story sits in. The right answer is not "we audit every dependency by hand." It is a process: pinned versions, an SBOM you actually maintain, a CI step that flags new transitive dependencies, and ideally a tool like Semgrep or Socket scanning your install on every build. If you have no answer here, you have no answer.

3. Training and fine-tuning data risk

If you fine-tune or train, your data pipeline is part of the supply chain. Where does the data come from, how do you detect poisoning, do you have a rollback plan if a batch is bad, and who is allowed to push to the training data store? This question is especially sharp for any startup using RAG over user-uploaded documents.

4. Inference infrastructure risk

Modal, RunPod, Together, Replicate, Fireworks, and the model providers themselves have all had outages in 2026. What is your degradation strategy when your primary inference provider is unavailable for an hour? "We show an error" is not a strategy. "We fall back to a cached response or a smaller model with degraded but acceptable quality" is.

The answer template that works in the room

The structure that has worked in recent interview cycles is four short sentences, one per layer.

"On model providers, we are [posture, with one concrete detail]. On open source dependencies, we [process, with the tool name you actually use]. On training data, we [poisoning detection and rollback in one line, or 'we do not train, here is why that is the right call for us']. On inference, we degrade to [specific fallback]."

That is the whole answer. Sixty seconds. No theater.

Founders who got into S26 this month typically rehearsed this with someone who has actually run security at a real company. F26 applicants should do the same.

The three answers that get you dinged

There are three failure modes that come up almost every cycle.

The first is the "we use industry-standard tools" answer with no names. Partners read this as "we have not actually done any of this work." Name the tools.

The second is the "we will figure it out at scale" answer. This works for some moat questions but never for security. Partners take it as a signal that you do not understand what a security incident does to a B2B AI startup's renewal numbers.

The third is the "we are too small for this to matter" answer. Your enterprise customer's procurement team disagrees, which is why their security questionnaire is forty pages long.

What to add to your F26 essay this week

The Y Combinator application does not ask you directly about supply-chain risk. It does ask what you do when something breaks, and what the biggest risks to your company are. If you are an AI startup applying for F26 and your answer to "biggest risks" does not include at least one supply-chain concern, your application reads in 2026 like a fintech application that did not mention regulatory risk in 2018.

The fix is a single sentence in your "biggest risks" answer that names the layer you actually worry about and what you are doing about it. Specificity is the entire game.

One last thing

If you have read this far and you still cannot name your fallback model, your dependency scanning tool, and your inference degradation strategy, the gap is not in your application essay. The gap is in your engineering. Fix the engineering first; the essay will write itself.

YC Roaster connects YC applicants with alumni reviewers who have shipped production AI systems and sat through their own YC interviews. If you want a founder who has lived through a real supply-chain incident to pressure-test your F26 application, that is what we exist to provide.