OBSIDIAN is a four-product family of cybersecurity tooling designed for mid-market regulated healthcare. It sits above existing SIEM and EDR investments rather than displacing them, using causal deep learning to predict the next likely step in an active attack chain — not just detect that one is happening.
Why this product exists.
Most cybersecurity tools answer the question "has something bad happened?" with increasing confidence. They are detection systems. OBSIDIAN answers a different question: "given what has already happened, what is the attacker most likely to do next?" The first question is associational: pattern matching against historical incidents. The second is counterfactual: modeling the attacker's decision space and the response actions that close it off.
The product family was designed against the central finding of the founder’s doctoral dissertation: that adoption of cybersecurity AI tooling is gated by facilitating conditions, not by detection accuracy. OBSIDIAN’s architecture reflects this in three deliberate choices: it integrates with existing tooling rather than asking buyers to rip-and-replace; it ships in four tiers so adoption can start small; and the first product in the family is free.
The four products.
OBSIDIAN Insight (free) — Wireshark plugin
A free Lua/Python plugin for Wireshark that surfaces attack-chain candidates in packet captures security analysts are already reviewing. The free tier is the adoption wedge: practitioners encounter OBSIDIAN inside a tool they already use, with no procurement cycle. v0.2.5-alpha currently passes 26 tests across Ubuntu and macOS on Python 3.10–3.12.
OBSIDIAN Chain — the first revenue product
A self-hosted attack-chain prediction engine. SQLite-backed entity graph, five source connectors (CSV, syslog, EDR API, NetFlow, Zeek), FastAPI surface, and a Markdown report writer for daily and weekly briefings. v0.1.0-alpha ships transparent additive scoring with pattern recognizers; the causal deep learning models land in v1.2+. The transparency of v0.1 is intentional: facilitating conditions require trust, and trust requires explanation.
OBSIDIAN Platform — the long-term moat
The full multi-tenant platform with neural structural causal models, automated response orchestration, and the data network effects that come from operating across many environments simultaneously. This is the long product roadmap; revenue concentrates here in years three and beyond.
OBSIDIAN PacketSense — the data product
A research-grade dataset and benchmark suite for the academic community, derived from anonymized OBSIDIAN deployments. PacketSense exists for two reasons: it generates citations that compound the brand, and it gives security researchers a reason to engage with the platform before they buy.
Intellectual property.
Provisional Patent 1, covering the causal deep learning framework for attack-chain prediction, is in preparation for filing in Month 1 of the build. The patent strategy follows from the research: the novel contribution is methodological — using counterfactual reasoning where the field uses pattern matching — and the IP positions OBSIDIAN as the originator of that approach.
The detailed case study.
This page summarizes OBSIDIAN as a product. For the scholarly case study covering the research lineage, architecture decisions, and adoption thesis, see the full case study in the portfolio.