Ask-a-Thrunt3r: April 2026

#1737131: Ask-a-Thrunt3r: April 2026 — Signal vs Myth

Description:	Episode Summary Mythos pulled us out of sabbatical. After a few months heads-down on conferences, work, and shipping, the THOR Collective is back with a special episode dedicated to cutting through the Mythos hype cycle. Lauren and Sydney are joined by Trent Lo (aka Surbo), Principal Security Researcher at Marsh and longtime adversary-in-chief from the CenturyLink days. Trent lives on both sides of the fence — offense and defense — which makes him exactly the right person to help us answer the question the whole industry has been screaming about since Anthropic’s announcement: is this real, or is this marketing? The crew walks through what Mythos and Glasswing actually were (versus the cyber-nuclear-war headlines), where AI genuinely changes the game for attackers, and where defenders still hold the line. The throughline: behaviors still win. AI changes tempo, not fundamentals. There is still a human pointing the tool, and that intent — not the model — is what matters. Trent’s take is measured, grounded, and refreshingly free of doom: nation-states already have this capability and have for a while, the have-and-have-nots gap is going to widen, and the smartest move right now is to get your patching program in order before the wave of AI-found vulnerabilities crests. Sydney walks through three new HEARTH features — What Can I Hunt, the Coverage Map, and the Context Graph — and recaps ATHF for anyone who missed her SANS AI Summit talk. Lauren teases her Vercel/Context.ai infostealer-to-SaaS hunt guide. Then the conversation pivots to defense at machine scale: how the well-resourced orgs should be thinking, what the under-resourced shops can actually do with Gemma 4 running locally and Copilot bundled in their E5 license, and why vulnerability programs are about to become the most important muscle on the team. We close with a Myth or Signal rapid round (AI SOC replacing analysts? threat hunting copilots? baselining? autonomous pentest? AI-generated malware?) and conference plans for the rest of the year. ⏱️ Episode Breakdown 00:23 – Intro and welcome back from sabbatical 02:06 – Guest intro: Trent Lo (Surbo), Principal Security Researcher at Marsh 04:24 – THOR updates: new HEARTH features and ATHF recap 07:41 – April Dispatch posts: Vercel infostealer-to-SaaS hunt + Mythos Won’t Kill Threat Hunting 10:17 – What Mythos and Glasswing actually were vs. the marketing hype 15:37 – Where humans still win: judgment, intent, and what “agentic” really means 21:43 – What actually worries us about Mythos (hint: it’s the keyboard, not the model) 25:14 – Defense in the open and the widening have-and-have-nots gap 27:52 – Closed source vs. open source post-Mythos, and the CVE explosion problem 34:25 – How defenders can actually use AI: imposter syndrome, IR, and machine-scale hunting 39:56 – Defense at machine scale: resourced vs. under-resourced playbooks 46:46 – What a two-person team should prioritize (spoiler: patch your shit) 51:13 – ⚡ Myth or Signal rapid round 53:41 – Plugs, conferences, and Allbirds becoming an AI company 56:32 – Happy thrunting
More info:	https://dispatch.thorcollective.com/p/ask-a-thrunt3r-april-2026-signal

Description:

Episode Summary
Mythos pulled us out of sabbatical. After a few months heads-down on conferences, work, and shipping, the THOR Collective is back with a special episode dedicated to cutting through the Mythos hype cycle. Lauren and Sydney are joined by Trent Lo (aka Surbo), Principal Security Researcher at Marsh and longtime adversary-in-chief from the CenturyLink days. Trent lives on both sides of the fence — offense and defense — which makes him exactly the right person to help us answer the question the whole industry has been screaming about since Anthropic’s announcement: is this real, or is this marketing?

The crew walks through what Mythos and Glasswing actually were (versus the cyber-nuclear-war headlines), where AI genuinely changes the game for attackers, and where defenders still hold the line. The throughline: behaviors still win. AI changes tempo, not fundamentals. There is still a human pointing the tool, and that intent — not the model — is what matters. Trent’s take is measured, grounded, and refreshingly free of doom: nation-states already have this capability and have for a while, the have-and-have-nots gap is going to widen, and the smartest move right now is to get your patching program in order before the wave of AI-found vulnerabilities crests.

Sydney walks through three new HEARTH features — What Can I Hunt, the Coverage Map, and the Context Graph — and recaps ATHF for anyone who missed her SANS AI Summit talk. Lauren teases her Vercel/Context.ai infostealer-to-SaaS hunt guide. Then the conversation pivots to defense at machine scale: how the well-resourced orgs should be thinking, what the under-resourced shops can actually do with Gemma 4 running locally and Copilot bundled in their E5 license, and why vulnerability programs are about to become the most important muscle on the team. We close with a Myth or Signal rapid round (AI SOC replacing analysts? threat hunting copilots? baselining? autonomous pentest? AI-generated malware?) and conference plans for the rest of the year.

⏱️ Episode Breakdown
00:23 – Intro and welcome back from sabbatical

02:06 – Guest intro: Trent Lo (Surbo), Principal Security Researcher at Marsh

04:24 – THOR updates: new HEARTH features and ATHF recap

07:41 – April Dispatch posts: Vercel infostealer-to-SaaS hunt + Mythos Won’t Kill Threat Hunting

10:17 – What Mythos and Glasswing actually were vs. the marketing hype

15:37 – Where humans still win: judgment, intent, and what “agentic” really means

21:43 – What actually worries us about Mythos (hint: it’s the keyboard, not the model)

25:14 – Defense in the open and the widening have-and-have-nots gap

27:52 – Closed source vs. open source post-Mythos, and the CVE explosion problem

34:25 – How defenders can actually use AI: imposter syndrome, IR, and machine-scale hunting

39:56 – Defense at machine scale: resourced vs. under-resourced playbooks

46:46 – What a two-person team should prioritize (spoiler: patch your shit)

51:13 – ⚡ Myth or Signal rapid round

53:41 – Plugs, conferences, and Allbirds becoming an AI company

56:32 – Happy thrunting

More info:

https://dispatch.thorcollective.com/p/ask-a-thrunt3r-april-2026-signal

Date added	May 12, 2026, 10:14 p.m.
Source	Thor Collective
Subjects	AI/ML - Artificial Intelligence / Machine Learning / GenAI / Artificial General Intelligence - AGI - Various Anthropic Claude Mythos LLM - Large Language Model Claude 2 - second-gen AI chatbot - Anthropic PodCasts / Webcast / Webinar / eSummit / Virtual Event etc.