2026: The Year Builders Show Up
The era of the builder starts now.
Something shifted in the last twelve months. Not the tools themselves. What changed is who gets to use them.
AI got more accessible. Voice became an interface. The gap between “I have an idea” and “I built a thing” collapsed. 2026 is not about the people who have always shipped code. It is about the people who never thought they would.
Voice is an Interface Now
For most of security’s history, the keyboard was the starting line. If you wanted to build something, you had to know how to type it. Syntax. Commands. The right libraries.
Voice changes that. In 2026, analysts and engineers will talk to build. You explain an idea out loud. AI turns it into a draft, a script, a workflow. You iterate by conversation, not by rewriting from scratch. The people who can articulate what they need will have an advantage over the people who can only type what they know.
Think about what that unlocks. The analyst who knows exactly what behavior they want to hunt but never learned Python. The IR lead who has run hundreds of investigations but never written a detection rule. Voice removes the hesitation. It turns “I should build that someday” into “let me try saying this out loud.”
In fact, most of this post was generated with a voice-based interface. Our ramblings can now become a thesis.
AI Turns Explanation Into Output
If you can describe what you want, you can usually create something usable. Not perfect. Not production-ready. But something real you can test and improve.
That might be a rough detection that catches 80% of what you need. A cleanup script that automates a task you have been doing manually. A runbook that gets institutional knowledge out of someone’s head. This is not about replacing expertise. It is about removing the friction between having expertise and applying it.
Most good work dies in the gap between “I should do this” and “I started doing this.” AI collapses that gap. You get a first draft in minutes instead of never.
Custom Tools for Custom Problems
Enterprise security tools solve general problems at scale. Vendors build for the middle of the bell curve and hope you can configure your way to the edges. That leaves a gap: the problems too specific, too niche, too yours for any vendor to care about.
Now, you can build tools that fit your exact situation. Tools that would never exist as products because the market is too small, but that solve your problem perfectly because they were designed for nothing else.
You are mid-investigation and need a script that correlates three log sources in a way your SIEM does not support. Before, that was a feature request or a professional services engagement. Now you describe the logic and get a working prototype in fifteen minutes. Your SIEM still does the heavy lifting. Your EDR still collects telemetry. But the last-mile automation that makes your workflow actually flow? Congratulations, you can build that yourself!
More Practitioners Become Builders
This is the real shift. Not better tools. More builders.
For years, security had a sharp divide. On one side: engineers and developers who build. On the other: analysts, operators, and managers who use what gets built. That divide is dissolving.
In 2026, people who never called themselves builders will start shipping things. Not products or platforms. Small improvements that remove friction. Glue code that connects tools. Automation that saves ten minutes and quietly adds up. This is not about becoming a developer. It is about shaping your environment instead of just operating within it.
“But I’m Not Technical Enough”
You may have been told that building requires a CS degree, years of coding, mastery of frameworks and pipelines. And that was true for a long time. The barrier to entry was high, especially if you failed a Visual Basic class like Lauren.
AI has changed what “technical enough” means. The skills that matter now are problem articulation, project planning, domain expertise, and iteration. Can you describe what is broken and what better looks like? You have spent years learning how attacks work and how your environment behaves. That knowledge is the hard part. AI can write the Python script. It cannot tell you which log source matters or why that process behavior is suspicious.
You do not have to build big. You do not need to jump straight to CI/CD pipelines or containerized deployments. Start with a Bash script that saves you fifteen minutes. A Python script that formats data the way you need it. Follow secure coding practices. Test before you trust. But start.
Speed Beats Ceremony
The orgs that move fastest in 2026 will not be the most formal. They will not require three approvals before deploying a script. They will not wait for the perfect solution when good-enough exists today. They will prototype quickly, ship rough versions, and fix things later.
Here is what makes this urgent: attackers are not waiting for you. They are already using AI to write phishing campaigns, generate malware variants, and probe infrastructure at scale. They iterate daily. They test in your production. They do not have change advisory boards or quarterly planning cycles. Speed is how they win.
The gap between attacker speed and defender speed has been widening for years. AI is the first technology that gives defenders a real chance to close it. But only if you use it to move faster, not to generate more documentation for the same slow processes. Ship something today that makes tomorrow’s attack harder to execute.
What This Means Going Forward
Security roles are changing whether job descriptions catch up or not. The analyst who can spin up a working prototype will be more valuable than the one who files a ticket and waits. The responder who builds their own tooling will handle edge cases that stumped the last three consultants.
You do not need to be a software engineer. But you do need to be willing to shape your environment. To build the small things that make your work easier. To stop waiting for someone else to solve the problems you see every day.
The question this year is simple: can you explain what you are trying to do? If you can, you can probably build it.
2026 is the year that willingness gets rewarded.
This is the first piece in a series on building as a core security skill. Next up: “Why You Should Build”






I hope y’all are cool with this. This post is so good (so thank you!) but I wanted to add an example prompt (honestly, to help at least one of you):
“As a security threat detection engineer, I want to create a Python script (using requests) to perform bin explode (using https://docs.sublime.security/reference/postscan-1) on a provided binary as well as receive the results (using https://docs.sublime.security/reference/getscan-1) and output the json to a file.”
Again, this is super basic, and most times you don’t have to provide references, but they can help. If anyone is interested, I can create more examples.