Observability for Autonomous Software

When Agents Outnumber Humans, Safety is Observability

The endpoint is where agents act. Origin observes what they do, traces why they do it, and maps how their behavior propagates across your organization - in real time.

Our Approach Our Vision →

The Problem

Current endpoint platforms were built for a world where humans operated endpoints

Endpoint detection was designed around a simple assumption: a human sits at a keyboard, and malicious activity looks different from normal activity. AI agents break both of those assumptions simultaneously.

01No Semantic ContextEDR records that a process spawned a child process. It doesn't record that an AI agent decided to refactor authentication middleware, which required reading .env files, which triggered a network call to an unfamiliar endpoint. The causal chain - the why - is invisible.

02Behavioral Signatures Break DownWhen an AI agent reads files, writes code, spawns processes, and opens connections as its normal operating mode, every heuristic your EDR relies on produces noise. The signal-to-noise ratio collapses. Legitimate agent work looks identical to lateral movement.

03Prompt-Level Attacks Are InvisibleInjected instructions, context window poisoning, tool-call hijacking - these attacks exist entirely within the agent's reasoning layer. They leave no binary signature, no network anomaly, no file hash. Your endpoint platform doesn't even know there's an attack surface to monitor.

Endpoint AI Observability

See what agents actually did, not just what they say they did

Origin captures the full semantic trace of every AI agent operating on every endpoint - the prompt that started it, the reasoning chain that drove it, every file read, process spawned, and connection opened along the way.

Then it automatically clusters that behavior, so normal patterns emerge as recognizable topology - and anything anomalous stands out by contrast, not by signature.

Semantic Trace — Prompt to Executioneng-laptop-0147 · Claude Code · 7m 32s

Prompt

User prompt intercepted and extracted from API call

"Refactor the auth middleware to use the new JWT library. Update all tests."

Reasoning

Agent decomposes task into 4 sub-operations — file reads, dependency install, code modification, test execution

6 files readnpm install3 files modified

Execution

Agent reads .env and config/secrets.yaml — access attributed to auth refactor task

READ .env → DATABASE_URL, API_SECRET READ config/secrets.yaml → production credentials

Sensitive file accessCredential exposure

Side Effect

Outbound connection to unfamiliar endpoint — not part of declared task scope

POST api.unknown-service.io/v1/validate → payload contains JWT secret

Undeclared network callData exfiltration riskScope violation

Clustered

Session classified as atypical — credential access + undeclared network call deviates from “Auth Refactoring” cluster baseline

Outlier behavior detected

What Observability Unlocks

Human observability enables agent accountability

Without semantic observability at the endpoint, none of this is possible. With it, security teams gain an entirely new operational surface - one that matches the speed and complexity of the agent workforce itself.

Activity AttributionMac-3.lan · 20 sessions · 219 prompts

InvestigationsTrace any incident to its origin promptWhen something goes wrong, follow the semantic thread backwards - from the system effect to the tool call to the reasoning step to the exact prompt that initiated the chain.

Audit & ComplianceA complete record of every agent decisionEvery prompt, every reasoning step, every file accessed and connection opened - captured, attributed, and searchable.

Fleet AwarenessKnow which agents are operating and whereDiscover every AI agent running across every endpoint in the organization - including ones nobody deployed or approved.

Behavioral BaselinesDetect anomalies by understanding normalTopic clustering establishes what typical agent behavior looks like for each team, role, and workflow. Deviations become visible immediately.

Policy EnforcementDefine boundaries in semantic termsMove beyond binary allow/block rules to policies that map to how agents actually operate - constraints that understand intent, not just process names.

Threat DetectionSee attacks in the reasoning layerPrompt injection, context poisoning, tool-call hijacking - these attacks leave no traditional signature. Origin sees the manipulation before it becomes a system effect.

Featured Research

Brainworm - Hiding in Your Context WindowMitchell Turner Introducing Marco, a Tool for Inter-Binary Control Flow MappingMatt Hand Process Preluding: Child Process Injection Before The Story BeginsJohn Uhlmann