Endpoint observability for agentic AI.

Origin gives you operational intelligence about your AI workforce: every agent, every interaction, and where the work is actually going.

Start free →
Ask Origin

Answer it from the endpoint.

Query the live record of agents, actions, and token spend across the AI workforce. Every question is one prompt away.

Ask Origin · DiscoveryWhere are our agents?K
You
Show every AI agent and MCP server across the fleet in the last 7 days. Group by endpoint, owner, and install path.
Routing · fleet discovery
analytics_query· done
1,284 agents · 612 endpoints · 91 shadow installs
Claude Code38%
Cursor31%
MCP servers19%
Browser agents12%
1,284 agents across 612 endpoints. 91 are shadow installs not in MDM. The biggest gap is personal Cursor installs on engineering laptops, followed by local MCP servers connected to GitHub.
Ask Origin · DiscoveryWhich endpoints run unsanctioned MCP servers?K
You
Which endpoints are running local MCP servers that aren't in the sanctioned catalog?
mcp_inventory· 47 matches
personal_install ∧ ¬in(sanctioned_catalog)
ENG-MBP-22github-mcp · supabase-mcp
LAPTOP-R180TR52postgres-mcp
ENG-MBP-14slack-mcp · linear-mcp
ENG-MBP-08github-mcp · custom-rag
47 endpoints running 21 distinct MCP servers outside the catalog. Most-touched targets: GitHub, internal Postgres, Slack. None hit the secrets vault — yet.
Ask Origin · DiscoveryWho installed an agent this week?K
You
/audit new agents this week — who, what, where, and is it sanctioned?
Routing · audit · 7d
audit· 214 events
first_observed_within(7d) ∩ kind=agent_install
diego.alvarezCodex · ENG-MBP-22 · personal
kevin.wrightCursor 3.3.30 · MBP-KW · sanctioned
ben.taylorClaude Code · HR-LAPTOP-04 · sanctioned
priya.shahCopilot · FINANCE-PC-07 · sanctioned
214 first-time agent installs this week. 18 are personal / unsanctioned. 196 came through the standard install path; the rest were side-loaded.
Ask Origin · DiscoveryShow agent density by team.K
You
Break down agent installs by team — which orgs are highest density?
analytics_query· done
agents_per_endpoint by org
Engineering64%
Customer Eng48%
Product31%
Security22%
Engineering averages 4.7 agents per laptop — highest density in the company. Customer Engineering is second at 3.2. Marketing and Sales sit below 1.
Ask Origin · DiscoveryPersonal-GitHub connections?K
You
Any agents on the fleet connecting to GitHub from personal accounts?
Routing · attribution
session_trace· 9 sessions
agent.git_auth ≠ user.sso_email
Cursor · ENG-MBP-22auth: diego.gh ≠ diego.alvarez@
Claude · ENG-MBP-08auth: a-singh-dev ≠ aaron.singh@
Copilot · LAPTOP-R180TR52auth: mwong-side ≠ wong.m@
9 active agent ↔ GitHub auth pairs where the agent's commit identity doesn't match the SSO identity. All on Engineering machines.

Start on one device, then ask the same questions across the fleet.

Run your first queries free →
Vantage Point

The endpoint is where intelligence becomes work.

Every AI action happens here — the prompt that started it, the tool the agent invoked, the file it changed, the API it called on behalf of the user.

Origin runs at this layer. We attribute every step to the user and the agent that did it, and reconstruct the chain end to end.

Nothing upstream sees the work happen.

Nothing downstream can put it back together.

HostnameAgents
HR-LAPTOP-04claude,copilot19.2605.31181.0
Lukes-MacBook-Proclaude,chatgpt1.2026.133.0
MacBook-Pro-KWclaude,cursor3.3.30,chatgpt
MKTG-DESKTOP-11claude,copilot19.2605.45031.0
SALES-LAPTOP-01claude,cursor3.3.12,copilot
ENG-MBP-22claude,codex,cursor3.3.30
FINANCE-PC-07copilot19.2605.31181.0
Visibility

Find every agent in the fleet.

AI agents are spreading through your organization faster than any inventory tool can track. Your developers install them, configure them, and connect them to new systems every week.

Origin keeps up. Every AI agent and every MCP server on every endpoint, observed continuously — not when someone reruns the query.

Activity surfaceOverview activity
1D5D1M1Q1Y
Active endpointsActive sessionsPrompt volumeToken volumeCluster swimlane
5/13 4:29 AM–7:59 PM
TOTAL24
Claude18
OpenRouter3
Gemini2
ChatGPT1
Codex0
ClaudeChatGPTOpenRouterGeminiCodex
Tracing

Replay what the work actually did.

Every prompt the user sent. Every tool the agent invoked. Every file it touched. Every network call it made.

Attributed end to end — to the user, the agent, and the process that issued it.

May 15 – May 19, 2026
Clustering

See where intelligence is going.

Token bills tell you what you spent.

Origin tells you what you bought.

We cluster every AI conversation across your org by topic, team, and initiative — so AI spend becomes legible to the people who approved it.

Activity surfaceOverview activity
1D5D1M1Q1Y
Active endpointsActive sessionsPrompt volumeToken volumeCluster swimlane
brightness · trace volumesize · how many endpointshover a cell to inspect
For You

Everyone has an Origin.

For the developer

Install on your laptop in five minutes. See every AI agent on your machine, every prompt you've sent, every tool an agent called on your behalf — free.

For the CISO

Make AI adoption something you can approve, not delay. Every agent, every endpoint, every action — visible, attributed, and audit-ready.

For the CIO

Stop guessing where your AI investment is going. See which teams use AI most, what they work on, and where they're stuck on problems other teams have already solved.
Who We Are

An endpoint team built for this.

The Origin team comes from endpoint software, security research, OS internals, and offensive engineering — careers spent in the layer of the stack we now run on.

Backed by

Start free on one laptop.
Or talk to us about your fleet.

Start free →