Ethos
VoidOrigin is a dev lab. We work in three areas: security engineering, AI systems, and production apps. This page documents how we operate across those areas, the standards we hold ourselves to, and what we will not do.
What VoidOrigin Is
VoidOrigin is a research-driven dev lab. We work on three connected things: security engineering for clients who need their threat model, code, and infrastructure independently reviewed; AI systems built around cognitive memory, retrieval, and agent architectures; and production apps, including our own flagship product, Socket Trader.
The work in each area is connected. The security mindset shapes how we architect AI systems. The AI work pushes the limits of the production stack. The production stack carries our own paying users, which keeps us honest about everything else. There are no internal sales teams, no account managers, no white-label partners. The same engineers who design a system are the ones who write it, test it, deploy it, and answer the email about it.
Principles
- No black boxes. If we ship a result, we publish enough of the methodology that a competent reader could reason about it. The hero benchmark is the obvious example, but the rule applies everywhere.
- Skin in the game. Production apps we build are run by us in production, including Socket Trader, where real money is on the wire. If a stack we recommend has a sharp edge, we find it before our clients do.
- Confidentiality, not opacity. Security engagements are private with the client; that is non-negotiable. Everything else, particularly AI research, ships open where it can.
- Hands stay on the keyboard. The person doing the work is the person you talk to. We do not subcontract, white-label, or hand off active engagements.
- Honesty about uncertainty. We label hypothetical results as hypothetical, paper-traded as paper-traded, and live as live. Where we are guessing, we say so.
Security Engagements
Security work is contracted, scoped, and confidential. A typical engagement starts with a discovery call to understand the system, the threat model the client has in mind, and what would change if a real adversary got in. We propose a fixed scope and price, sign an NDA, and book a delivery window.
- Methodology: threat-model walkthrough, attack-surface enumeration, code and infrastructure review, targeted exploitation where in scope, and a written report with prioritized remediations. Our reports favor a short, useful action list over a 40-page generic document.
- Reporting: findings are ranked by exploitability and impact, not generic CVSS theater. Each finding includes reproduction steps, a suggested fix, and a verification check the client can run after remediating.
- Follow-up: 30-day re-test included with full audits, 14 days for AI architecture reviews. We re-verify each remediated finding and update the report.
- What stays private: findings, threat models, exploit chains, and the engagement’s existence. We do not publish client logos, case studies, or war stories without explicit written approval.
AI Systems
AI work at VoidOrigin is research-driven. We pick problems we want to understand and ship the result as open source where the work is generalizable. KongBrain, KongClaw, and KongCode are the public artifacts of that approach.
- Open by default: the AI research line is MIT-licensed on GitHub. If you can read the README and the source, you can verify the claim. The hero result on the homepage (98.2% Recall@5 on LongMemEval, no hosted vector DB, no retrieval API) is reproducible from the published repository.
- Local-first retrieval: we prefer designs where the read path runs without external API calls when possible. Cost, latency, and privacy all benefit. Where a hosted call is the right answer, we say so explicitly.
- Cross-encoder reranking: a recurring pattern in our retrieval work is to use cheap candidate generation paired with a small attention-based reranker that auto-trains from retrieval outcomes. The result is high-signal answers without the latency or cost of large hosted reranker APIs.
- What we publish: benchmarks with their evaluation harness, repos with tests, and posts that explain the design choice and the data. What we do not publish: client-confidential model designs or training data.
Production Apps
Production app work is full-stack engineering with operational rigor. We build the thing, ship the thing, and run the thing. Socket Trader is the in-house example, and the same patterns apply to client builds: real-time delivery, observability built in, audit logging where the law requires it, and a minimum viable on-call posture from day one.
- Stack: Next.js + FastAPI + a real database. WebSockets where push semantics matter. Stripe and crypto for billing. Magic-link auth, MFA on by default for sensitive accounts.
- Deploys: single-command, hands-on. We do not hand off a system without paging-grade alerting, a runbook, and a tested rollback path.
- Observability: structured logs, request IDs, latency histograms on every external dependency. If something is slow, you can find it without redeploying to add a print statement.
- Status discipline: incidents go to /status in plain English with timestamps. We post updates while the incident is active, not after.
Socket Trader, Specifically
Socket Trader is the trading product we ship. It is mentioned here because it is where many of the lab’s standards are most visible to the public. The methodology below applies only to Socket Trader, not to the security or AI lines.
Signal Generation Pipeline
- Data: bar-level futures data from multiple independent providers, cross-validated at minute resolution.
- Research: each candidate strategy is developed against a reserved training window, then evaluated against an out-of-sample window that the researcher never touches while tuning.
- Walk-forward: promising candidates are re-fit on rolling windows to check that the edge is not an artifact of a single regime.
- Paper-trade graduation: strategies that pass out-of-sample are run live-paper for at least two weeks in the current market regime before being exposed to subscribers.
- Publication: when a strategy is published, its full 120-day statistics window is exposed on the dashboard. Periods shorter than 120 days are included when enough live or paper data exists.
Risk Tiers
Every Socket Trader strategy is automatically assigned a risk tier based on the larger of its 120-day backtest drawdown and its live-paper drawdown:
- Conservative: maximum drawdown under 15%.
- Moderate: maximum drawdown between 15% and 25%.
- Aggressive: maximum drawdown at or above 25%.
- Maintenance: set automatically when a strategy’s 120-day net return, profit factor, expectancy, or drawdown drops below the healthy band. New activations are paused until the metrics recover; existing subscribers keep running it. The tier flips back to active automatically when the rolling stats return to the healthy band.
Tiers are computed at read-time from the current data, not hard-coded. If a strategy’s drawdown profile changes, its tier follows automatically. This does not change your cooldown, your activation, or your billing.
What the Statistics Mean
- Winrate: share of closed trades that ended at a profit, after simulated commissions and slippage.
- Expectancy: average dollar result per trade, for a baseline contract count. Your expectancy will differ based on how many contracts you trade.
- Profit factor: gross winning dollars divided by gross losing dollars. Above 1.0 is net profitable before commissions; above 1.5 is robust.
- Max drawdown: largest peak-to-trough decline in the equity curve, in percent. Assume future drawdowns can exceed this.
- Average R: average profit or loss per trade in units of the original risk.
- Max losing streak: the longest consecutive run of losses during the window.
Hypothetical and Paper Performance
Hypothetical performance disclaimer (17 CFR 4.41)
These results are based on simulated or hypothetical performance results that have certain inherent limitations. Unlike the results shown in an actual performance record, these results do not represent actual trading. Also, because these trades have not actually been executed, these results may have under or over compensated for the impact, if any, of certain market factors, such as lack of liquidity. Simulated or hypothetical trading programs in general are also subject to the fact that they are designed with the benefit of hindsight. No representation is being made that any account will or is likely to achieve profits or losses similar to these being shown.
Unless a statistic is explicitly labeled “verified live,” you should treat it as hypothetical or paper-traded. Live, funded results will differ from the statistics shown, often significantly, due to slippage, commissions, fill ordering, and execution latency that simulations cannot fully replicate.
Swap Cooldown
Each Socket Trader subscription activates one strategy at a time. Switching to a different strategy triggers a 24-hour cooldown during which no new activation can be made. This is a simple guardrail against chasing, and it is enforced server-side.
When a Strategy Underperforms
We do not hide strategies that stop working. If a live strategy’s rolling 20-day drawdown exceeds its historical 120-day drawdown, it is flagged on the dashboard. If our internal review concludes the edge has materially degraded, the strategy is retired and marked inactive. Subscribers on a retired strategy can swap freely without the normal cooldown.
What We Will Not Do
- We will not accept funds to manage, trade, or sub-advise your account.
- We will not tailor signals to your account size, positions, or risk profile.
- We will not sell or rent your trading activity, telemetry, or any client data to third parties.
- We will not publish cherry-picked trade-by-trade screenshots as a marketing tactic. Everything shown here is periodic aggregates.
- We will not name a client in security work without written approval.
- We will not subcontract active engagements without telling you.
- We will not ghost a deliverable. If something is late, you hear about it before the deadline.
Related
Questions about how we operate: use the contact form.