Counting tokens is easy. Knowing what they bought is the part nobody had solved.
Origin reads every session across every provider and clusters them by the work itself, so the same task done by 3 engineers or 300 collapses into one topic. Spend attaches to the work, not the prompt.
The answer in the clip wasn't a one-off. Save it as a kernel and it becomes a live query: same chart, recomputed every time you open the board.
Claude Code's background sessions survive terminal close, managed by a new supervisor daemon. We used it to build a persistent C2 agent whose entire payload is natural language in a Markdown file, executed by the signed binary under the user's identity.
https://t.co/1nD6ulkm03
N-day exploits from Patch Tuesday used to require dedicated VR teams. @tyholms built the same workflow from off-the-shelf parts for ~$300 per CVE. The skill and resources gating this work are now within reach of any threat actor with a credit card.
https://t.co/EKEyJctrwd
Most security teams are spending the day pulling SBOMs, querying EDR, pinging engineering, and assembling a spreadsheet in response to the #TanStack supply chain compromise that dropped yesterday evening.
Our customers ran one prompt against their fleets in Origin. It swept every IOC across network traffic, files, lockfiles, and all AI agent activity on every endpoint, then returned the exact versions in use, the engineers running them, and any agent activity that touched them. They had answers in seconds, not hours. The screenshot below shows what our own internal query returned.
This is what full endpoint observability looks like on a day like today.
Last month we showed Claude Code's remote-control channel could be redirected to any server with one flag. Anthropic added a hardcoded domain allowlist as a fix. Because the allowlist lives in the client, the redirect still works. It just takes one more hop.
https://t.co/uwB27oqGkG
LLM agents are taking away our ability to make predictive claims about the behavior of software. The security industry is not ready for a world where "Why did my agent do that?" can only be answered on a system-by-system basis.
New on the blog: @michaelbarclay_ on the hidden supply chain behind every computer use agent. CLAUDE.md, skills, and MCP configs on disk compose its behavior at runtime, and a few lines in one of them can redirect a session in ways file telemetry can't see.
https://t.co/lBc6Q6p53o
The endpoint is the execution environment for AI agents. It's where we trust them with our data and let them do real work on our behalf. Most orgs have no way to see which agents are running there or what they're doing, which is the gap endpoint observability closes.
https://t.co/KJFNznskJa
Agent features don't need vulnerabilities to become tradecraft. They just need to be useful, installed, and exposed. Codex ships with a documented IPC surface for remote TUI sessions, and one bind flag turns a compromised endpoint into a remotely controlled agent.
https://t.co/uVulk48jqh
ACP standardizes how editors talk to coding agents. It also standardizes how an adversary on a compromised endpoint talks to those same agents - prompts invisible to command line logging, permissions auto-granted without the flags defenders look for.
https://t.co/dDlW3U2Sab
My research from last week on Claude Code's Remote Control protocol has landed in the latest release of the Praxis C2 framework - try it out for yourself now!
https://t.co/rvXN2xPeQi
Process argument spoofing has focused on modifying the PEB before a suspended process resumes. @jdu2600 traces what happens after and finds the initialization timeline has its own injection windows - ones that fire after the allow decision has already been made.
https://t.co/DkgnCoOYQE
axios (100M weekly downloads) just got compromised by North Korean hackers via a hidden dependency. LiteLLM backdoored on PyPI. tj-actions leaked secrets from 23K repos.
Same playbook every time: slip malicious code in, rely on nobody diffing v1.14.0 vs v1.14.1.
I built a fix. 🧵
Claude Code's remote control protocol lets developers orchestrate instances programmatically. @tyholms reverse engineered it and found an undocumented flag that redirects any instance to attacker-controlled infrastructure, silently bypassing all permission checks.
https://t.co/Tn85uj1R77
Claude's Chrome extension lets the agent interact with the web on your behalf. We reverse engineered it and found those same capabilities are exposed to any attacker on the endpoint, turning a productivity tool into a browser takeover primitive.
https://t.co/Ah0XEje91I
New on the blog: confused deputy attacks across coding agents. When multiple agents share a workspace, one agent's security configuration is just a writable file to the other - a trust asymmetry that disables sandboxes without triggering any protection.
https://t.co/7DIpWfRGg8
Windows Insider builds now have a native, OS-level broker for MCP servers.
We reverse engineered Odr.exe to understand how it validates clients, manages consent, and controls access - uncovering undocumented COM interfaces and a full ETW audit trail.
https://t.co/8poGny9usX
New on the blog: Semantic delivery of traditional tradecraft. How are agents changing offensive operations? @depletionmode explores the gap between using AI to automate attacks vs. agents becoming the attack vector itself.
Full write-up + video: https://t.co/i5Sqzi5GVZ