Skip to content
Library

Research & publications.

Everything we publish, with dates and receipts. Available under NDA where required, most of it without.

  • Case study

    From first alert to full attribution

    How we contained a targeted breach against a Canadian firm in under 72 hours, attributed the adversary, and rebuilt their human defences over the 90 days that followed.

    Feb 2026 · 6 pp
    Read
  • Whitepaper

    A case for evidence-first detection

    The architectural argument behind the Atlas provenance chain.

    Apr 2026 · 18 pp
    Request
  • Report

    State of the Graph, Q1 2026

    Observed adversary behaviour across our monitored estate.

    Mar 2026 · 32 pp
    Request
  • Whitepaper

    Detections that explain themselves

    The rule we use for every detection that ships in Vector.

    Feb 2026 · 12 pp
    Request
  • Playbook

    IR retainer: the first 48 hours

    Field-tested runbook for the opening phase of an incident.

    Jan 2026 · 22 pp
    Request
  • Report

    Living off the pipe, CI abuse in the wild

    A pattern we've been tracking in customer environments.

    Nov 2025 · 14 pp
    Request
Quarterly digest

Get the digest in your inbox.

A short quarterly memo: what we saw, what we shipped, what we'd change. No marketing. No re-posts. One email per quarter.

4 issues / year Unsubscribe in 1 click No tracking pixels

By subscribing you agree to our privacy policy.