Insights · Mill Creek publications
Standing briefs from the firm.
Long-form thinking from Mill Creek on agentic application security
— the threat patterns we are seeing in production, the
engineering decisions behind Olympus, anonymized notes from
the engagement floor, and the occasional letter from the
partners. Published when there is something specific worth
saying.
What we publish
Four kinds of writing.
Threat briefs are focused analyses of
specific patterns we are seeing in production, written for
other security operators.
Engineering notes are technical writing on
Olympus internals — how the sprites are built, why
the constraints look the way they do, what we have learned
shipping pull requests on someone else's codebase.
Field notes are anonymized engagement
stories: a situation, an intervention, an outcome.
Letters are positioning essays from the
partners, written when a question keeps coming up enough
that an answer is worth committing in print.
We do not publish to a calendar. We publish when there is
something specific worth saying. The cadence is roughly
one piece a month; sometimes two, occasionally none. If
you want to be told when something new lands, the email
list runs from the bottom of this page.
Featured
Most recent.
Threat brief · 21 April 2026
A summary of every Mythos-derivative agent we have seen
weaponized this year, the three exploit classes that keep
showing up, and a frank assessment of which remediation
pipelines absorbed them and which broke.
[Founder placeholder], Founder & chief executive · 14 min read
Archive
Standing publications.
Earlier pieces, most recent first. Filter by category soon.
- Engineering notes · 14 April 2026
We get this question more than any other. The answer is
a small set of constraints that turn out, on reflection,
to be the product itself.
[Head of engineering], Head of engineering · 18 min read
- Field notes · 28 March 2026
An anonymized account of a Mythos-era agent whose
authority quietly expanded twenty-six integrations
beyond what the original change ticket described. What
we found, what we changed, what the audit committee
decided to do with it.
[Founder placeholder], Founder & chief executive · 9 min read
- Letter · 17 March 2026
Three years of audit-committee read-outs distilled into
the questions that actually matter and the answers that
consistently work. Less performance, more disclosure.
[Founder placeholder], Founder & chief executive · 7 min read
- Threat brief · 25 February 2026
A taxonomy of the pivots we are seeing in production
agentic systems, with concrete examples drawn from the
red-team engagement lane. The vendor security review
does not catch this, and we explain why.
[Director, Adversarial Engineering], Director, adversarial engineering · 16 min read
- Engineering notes · 11 February 2026
The reasoning behind the multi-agent finding-grading
architecture, the specific failure modes we designed
around, and why the customer always sees the dissent
log alongside the resolution.
[Director, Source Audit], Director, source audit · 22 min read
- Field notes · 22 January 2026
An anonymized case from the Olympus retainer book.
Material non-public information was not disclosed
because the evidence layer was already in place when
the incident began.
[Founder placeholder], Founder & chief executive · 11 min read
- Letter · 8 January 2026
The sentence we end every brief with, and why it has
been worth the legal review every time. A short
argument for treating the merged pull request as the
security artifact, not the finding.
[Founder placeholder], Founder & chief executive · 6 min read
Standing list
Get a note when we publish.
One email per piece, sent the morning it lands. No newsletter
digest, no marketing sequence, no third-party tracking. We
publish at most one or two pieces a month.