Detection Dispatch (Alex's Version) episode two brings on the person who treats detection engineering like an actual craft....not a vendor feature list, not a MITRE bingo card, not a vibe coded rule you ship and forget. Hayden teaches detection engineering at Antisyphony Training and runs the SOC at Black Hills Information Security, which means he's not theorizing. He's got the reps, the scars, and even a home SIEM with documentation. This is the episode for practitioners who are watching Claude write their detections and quietly wondering if they're slowly getting worse at their job.

In this episode we cover:

• The detection lifecycle nobody actually closes: research, write, validate and the canary step that tells you whether your thousand rules are quietly dead in the water six months from now.
• The CTI firehose problem. When every vendor blog is just an ad wearing a threat report costume, how do you find the gold? (Hint: DFIR Report and Google TI don't need your clicks)
• AI writing detections: yes, with caveats. No for junior engineers who've never written a query. And absolutely not without a review agent, an experimental pipeline, and final approval from a human who still knows how to dribble the ball.
• Why you cannot send AI out like a Pokémon and what happens to your detection program when you try.

Find Hayden at @kilobytethedust and at antisyphontraining.com.

Detection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.

Detection Dispatch (Alex's Version) premieres with John Hammond...Huntress senior researcher, former DoD red team, the guy 2M+ people watch break attacks down in real time for the red-meets-blue conversation the week forced into existence. Alex came up blue. John came up red. They meet in the middle on the three stories eating the industry alive.

In this episode we cover:

• Axios: one patient social engineer, a fake founder Slack workspace, and an NPM maintainer who never stood a chance.
• The lethal trifecta: private data, untrusted content, network egress. When all three show up in one agent, there be dragons. Why prompt injection isn't getting solved, and what that means for your MCP sprawl.
• Mythos + Project Glasswing
• The red teamer's detection wishlist

Find John at @_JohnHammond, jh.live, and on Huntress's Declassified.