Ask-a-Thrunt3r: January 2026 - Season 2 Premiere 🐏

📝 Episode Summary

New year, same crew — and we’re building. The THOR Collective kicks off 2026 (Season 2!) with a deep dive into why this is the year security practitioners stop waiting on vendors and start building their own solutions. Lauren, Sydney, and John walk through the trio of Dispatch posts that kicked off the year — a manifesto series on building in security — and why the “I’m not technical enough” excuse doesn’t hold up anymore in the age of AI-assisted development.

From there, the hosts get into the real talk: what’s actually trending in security right now (spoiler: social engineering isn’t going anywhere, and the agentic attack surface is the new frontier), what’s overhyped (looking at you, “AI SOC that replaces all your analysts”), and what each of them is personally investing in this year. Sydney’s going deep on LLM evaluations and automated baselining. Lauren’s leveling up her rapid development and project scaffolding skills. John’s bouncing adversarial emulation ideas off AI — when it’ll let him.

The episode wraps with a lightning round covering certs vs. hands-on work, writing detections vs. hunting, specializing vs. staying broad, and prompt engineering vs. YOLOing it. Plus: conference announcements (CactusCon, WiCYS, BSides SF, RSA, DEF CON), puzzle swaps, PAI voice scaring partners, and Lauren’s Odyssey-inspired take on AI as Athena; a helper on your journey, not a replacement for the hero.

⏱️ Episode Breakdown

• 00:01 – Intro and welcome to Season 2

• 03:20 – January Dispatch Highlights: “2026, The Year Builders Show Up” by Lauren & Sydney

• 09:22 – “Why You Should Build” by Lauren – breaking the psychological barrier

• 13:00 – “Why You Don’t Need a Desk to Build” by Sydney – shipping code from anywhere

• 16:32 – What are we trying to solve? The mission behind the builder series

• 18:40 – Staying current on AI: AI Daily Brief, Prompt GTFO, and community resources

• 20:45 – What’s trending: social engineering, browser extensions, OpenClaw/MoltBot, agentic attack surfaces

• 24:57 – AI finding vulnerabilities: OpenSSL discoveries and the CVE explosion

• 27:45 – What’s overhyped: the “AI SOC” replacing analysts narrative

• 30:00 – Risk tolerance and the human-in-the-loop debate

• 34:25 – What we’re investing in: LLM evaluations, automated baselining, rapid development, adversarial emulation

• 39:20 – What we’re ignoring: personal balance, saying no, giving up on red teaming

• 41:27 – Hot take: ignoring prompt engineering (and the Wispr Flow revolution)

• 43:00 – PAI voice scares

• 46:04 – Lightning Round: Certs vs. hands-on, detections vs. hunting, specialize vs. stay broad, prompt engineering vs. YOLO

• 53:00 – Conference circuit and closing: CactusCon, WiCYS, BSides SF, RSA, DEF CON, SecKC

🎤 Hosts

Lauren Proehl (Host) – Manager of the group, chronic overcommitter, manifesto writer, and self-described “cautious optimist.”

Sydney Marrone (Host) – Threat hunter turned builder. Shipping code from her phone, couch, bed, and probably CactusCon’s after party. Investing in LLM evaluations and automated baselining this year.

John Grageda (Host) – Red teamer who uses AI for adversarial emulation and engagement planning, but notes the models still refuse to build offensive tooling (”nice try, buddy”).

🔗 Resources & Mentions

January 2026 Dispatch Posts

• 2026: The Year Builders Show Up by Lauren Proehl & Sydney Marrone

• Why You Should Build by Lauren Proehl

• You Don’t Need a Desk to Build by Sydney Marrone

Tools & Resources Mentioned

• Claude Code – AI coding assistant used by the hosts for building security tools and personal projects

• PAI (Personal AI) by Daniel Miessler – personal AI assistant with voice capabilities

• Wispr Flow – voice-to-text tool for talking at your AI instead of prompt engineering

• Detect FYI – article by Alex Teixeira on automated baseline detections (30-day baseline + hourly deviation checks)

• AI Daily Brief – recommended podcast for staying current on AI news

• Prompt GTFO – community resource on cybersecurity and AI

• OpenClaw / ClawBot / MoltBot – AI agents and social networks that had the hosts questioning reality

Vulnerability Research & Bug Bounty

• AISLE Discovers 12 OpenSSL Vulnerabilities (Jan 2026) – AI-powered autonomous analyzer found all 12 CVEs in the January 2026 coordinated release, some dating back to 1998

• The End of the curl Bug-Bounty (Daniel Stenberg) – curl ended its HackerOne bug bounty program January 31, 2026 due to flood of AI-generated slop reports

• Google: Building AI Agents for Cybersecurity and Defense – Google’s approach to agentic defense and building security agents

• Slack Engineering: Streamlining Security Investigations with Agents – Slack’s approach to agentic SOC defense using AI agent personas (Director, domain experts, Critic) that break investigations into phases

Key Concepts Discussed

• AI as Augmentation, Not Replacement – Lauren’s Athena analogy from The Odyssey: AI is a helper on your odyssey, not a replacement for the hero

• The Builder Mindset – scripts, queries, playbooks all count as building; you don’t need permission from the developer gods

• Return of Generalism – AI raising the floor for lower-level analysts, enabling dynamic workforce reallocation

• Agent Manager Future – the theory that everyone becomes a manager of teams of AI agents

• Trust but Verify – applies to both AI and humans; both make mistakes

• The Boot Camp Loop – AI helps break the cycle of training without applying

• Automated Baselining – 30-day baseline detection + hourly checks against deviations (Detect FYI approach)

• Agentic Attack Surface – the unknown frontier of securing AI agents and agentic workflows

Trends Discussed

• Social engineering and phishing – still trending, now AI-enhanced

• Browser extensions – emerging attack vector

• OpenClaw/MoltBot ecosystem – AI agents with their own social networks

• AI vulnerability discovery – 12 OpenSSL vulnerabilities found by AI, some allegedly decades old

• CVE reports up ~39-40% last year

• Google’s agentic defense approach – breaking prompts into investigation phases

• Prompt injection – social engineering AI agents and models

• Curl leaving HackerOne due to AI-generated bug bounty report influx

📢 Call to Action

• Read the January builder series on Dispatch – and start your own building journey; even a script that saves you a few minutes counts

• Try building something you’ll actually use – throw it on GitHub, start small, keep building

• Check out the AI Daily Brief podcast and Prompt GTFO – for staying current on AI and security

• Get Wispr Flow – if you struggle with prompt engineering, just talk at your AI

• Explore automated baselining – use the Detect FYI approach (30-day baseline + hourly deviation checks)

• Come find us at CactusCon – February 2026, THOR Collective is sponsoring the after party; swag will be available

• Write for THOR Collective – always looking for new voices, up-and-coming voices, and first-time publishers; reach out on socials

📬 Connect with THOR Collective

🗣️ Social Media:

• Twitter/X: @THOR_Collective

• LinkedIn: THOR Collective

• BlueSky: @thorcollective

📧 Contact:

Reach out through any social channel for guest post opportunities, collaborations, or to share what you’re building in 2026