/ Resources
Blog
Field notes from the WitOne SOC, engineering, and research teams. Specific, technical, and on-the-record.
- April 28, 2026
Why mean-time-to-respond is the wrong metric
MTTR rewards the wrong behavior. Here's the metric we replaced it with — and why our analysts are happier.
- April 14, 2026
Building a SOC for the AI era
Three years in, here's how the WitOne SOC restructured around autonomous tier-1 — and what we'd do differently.
- March 30, 2026
Prompt injection in the wild: a 2026 field guide
What we've seen across 4,200 production agent deployments — including three indirect-injection campaigns most teams missed.
- March 12, 2026
From SOAR to autonomous response
Why playbooks-as-flowcharts hit a ceiling, and what replaces them.
- February 24, 2026
When FinOps meets SecOps
Cloud waste and cloud risk live in the same blast radius. Here's how we model both in one fabric.
- February 8, 2026
If your RAG can't cite, your RAG can't ship
Why citation isn't a UX feature — it's a product requirement. With code samples from Astute.
- January 22, 2026
The tabletop we actually failed
We ran a deepfake-CEO ransomware tabletop with one of our customers. Here's everything that broke.
- January 6, 2026
Healthcare ransomware: a 2025 recap and 2026 outlook
Volume was up 27%. Dwell times were down. Here's what's actually changing in healthcare-targeted ransomware.