Most security tools detect what already happened. OBSIDIAN was designed around a different premise: that attack chains are causally structured and partially predictable, and that the right place for a security platform to sit is not at the alert review layer but at the layer above SIEM and EDR, ingesting their output to reason about what the adversary is likely to do next.
The product family is the direct field translation of the doctoral dissertation’s facilitating-conditions finding. The first ideal customer profile (ICP) — mid-market regulated healthcare in the New Jersey and tri-state region — was chosen because it is the domain in which the adoption thresholds are most stringent and the research most cleanly applies. Hospitals and clinics buy security tools they cannot operate. OBSIDIAN’s architecture exists to remove that gap.
The product family
Four interlocking products, deliberately staged.
- OBSIDIAN Insight for Wireshark — a free Lua plugin plus Python engine. Loopback-only TCP analysis in v0.2.5-alpha; 26 passing tests; zero third-party runtime dependencies. The discovery product. Practitioners install it because it improves their day-to-day packet analysis; they encounter OBSIDIAN’s reasoning model in a context they trust.
- OBSIDIAN Chain — the first revenue product. SQLite entity graph, five source connectors, FastAPI surface, Markdown report writer. v0.1.0-alpha. Predicts the next likely step in an active attack chain by reasoning across signals already collected by the customer’s existing SIEM and EDR investments.
- OBSIDIAN Platform — the long-term moat. A unified workbench surfacing Chain’s reasoning, audit trail, response orchestration, and per-incident causal narratives. Built for security operations centers that prefer to keep their existing tooling and add intelligence above it rather than replace what sits below.
- OBSIDIAN PacketSense — a Year 2–3 product. Continuously sampled traffic intelligence at the network edge, fed back into Chain’s prediction model.
The intellectual property
The first provisional patent — Causal deep learning for attack-chain prediction with counterfactual response-action selection — is in preparation for filing in Month 1, before any public disclosure of the v1.2+ causal inference module. The current shipping version uses transparent additive scoring rather than black-box ML, which the v0 IP strategy reflects: the file named narrative.py in the source tree (formerly causal.py, renamed for IP hygiene) carries the public-facing reasoning logic while the causal model itself stays under patent prosecution.
A security platform that sits above SIEM and EDR — not as competition, but as the reasoning layer those tools were never designed to be.
The adoption strategy
OBSIDIAN’s go-to-market is engineered against the dissertation’s findings. The Insight Wireshark plugin is free and unrestricted, because the threshold to install it is near zero and it earns trust through utility before commerce. Chain is priced as a subscription below the cost of a single security analyst, with a deployment pattern that requires no rip-and-replace of existing tooling. Every onboarding starts with a prebuilt integration kit for the customer’s existing SIEM (Splunk, Sentinel, QRadar, Sumo) and EDR (CrowdStrike, SentinelOne, Defender). Compliance documentation — SOC 2, HIPAA technical safeguards, NIST mapping — is shipped before the customer asks.
The structural question still open is corporate: whether OBSIDIAN sits as a standalone entity, under Arkc Technologies as a software complement to the physical-security hardware portfolio, or with IP assigned to NuWork Holdings as a defensive structure. The decision is open through Q3 2026.
Status
Alpha. IP-pending. First ICP engagements in qualification through Nora’s network in the New Jersey and tri-state mid-market healthcare segment. ML Lead hire is the next personnel priority; the 13-page technical research brief used for that search is available on request.