Research

The Origin research team comes from backgrounds including Operating System internals, endpoint research, and offensive security. Our research focuses on the effect of Computer Use Agents on endpoints, the advances in semantic cyberattacks, and agent safety.

Talking to the Agent Next Door: Adversarial Advantages of On-Device Agent Protocols · David Kaplan · 2026-04-13
Post Start Command-Line Substitution · John Uhlmann · 2026-04-06
All Your Claude Are Belong To Us: Reversing Claude Code's Remote Control Protocol · Tyler Holmwood · 2026-04-01
How we hijacked a browser through Claude's Chrome extension · Matt Hand · 2026-03-30
Privilege Escalation via Confused Deputies in Coding Agents · David Kaplan · 2026-03-23
ODR: Internals of Microsoft's New Native MCP Registration · Research Team · 2026-03-17
Semantically Packaged Tradecraft: Credential Dumping · David Kaplan · 2026-03-11
Brainworm - Hiding in Your Context Window · Mitchell Turner · 2026-03-04
Introducing Marco, a Tool for Inter-Binary Control Flow Mapping · Matt Hand · 2026-02-25
Process Preluding: Child Process Injection Before The Story Begins · John Uhlmann · 2026-02-17
Introducing Praxis: An Adversarial Framework for Exploring Computer Use Agents on Endpoint · David Kaplan · 2026-02-10
Semantic Protocol Confusion: When My LLM Thinks It's a Web Browser · David Kaplan · 2026-01-25
Check Your Privilege: The Curious Case of ETW's SecurityTrace Flag · Connor McGarr · 2026-01-19
cua-kit: Attacking the Intelligent Endpoint · Matt Hand · 2026-01-15
Rehabilitating Registry Tradecraft with RegRestoreKey · Michael Barclay · 2025-11-13
Escaping Loader Locks with PostProcessInitRoutine · John Uhlmann · 2025-10-29
Windows ARM64 Internals: Deconstructing Pointer Authentication · Connor McGarr · 2025-10-13
Unexpectedly Out-Of-Context: Detecting a LockBit Sample · Michael Barclay · 2025-10-08
Introducing Runtime Memory Protection · Research Team · 2025-08-01