Three Buddy Problem

Hosted by Security Conversations

Technology Business Entrepreneurship NewsInterviews guestsExplicit

Website RSS feed

Episodes

228

Latest episode

Jun 2026

Language

EN-US

About the show

The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).

Listen to episodes

60 recent

June 12, 20261 hr 59 min

Mythos, Fable, and Anthropic's Big Trust Problem

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem - Episode 101: We discuss Anthropic's Mythos 5 and Claude Fable 5 release and the bombshell that the company was silently downgrading paid users' results, sparking a heated debate over guardrails, gatekeeping, and whether elite AI reasoning is becoming a privilege for the few. Plus, AI-generated N-day exploits killing the patch window, a record-shattering Patch Tuesday, Meta's latest court filing against spyware maker NSO Group, the return of cyber paleontology, and a detour into the new government UFO drops. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu. Timestamps: 0:00 - Introductory banter 3:22 - The Mythos 5 / Claude Fable 5 release 14:42 - Anthropic’s silent downgrade trust problem 26:18 - Anti-competitive behavior & the AV "stealing detection" parallel 32:29 - Distillation, China & the real motive 38:04 - "Too dangerous to release" & gatekeeping vs. guardrailing 45:53 - Is Mythos a threat to malware-analysis startups? 48:20 - Dario's AI regulation essay 56:48 - N-day exploits and death of the patch window 1:07:18 - Patch Tuesday and 10x vulnerability surge 1:10:34 - Meta catches NSO Group 1:14:45 - Cyber paleontology, Shadow Brokers leaks 1:28:29 - Moonlight Maze and learning from history 1:34:22 - UFOs, UAPs and Disclosure Day

June 5, 20262 hr 24 min

Fast16, Fanny, and Stuxnet: Cyber Paleontology Redux

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem - Episode 100: We cover AI eating reverse engineering, the death of the malware report, running local models on the DGX Spark, where Google DeepMind stands, and whether the frontier labs will stay in cybersecurity. Plus, more on Anthropic's Mythos rollout and the thinly sourced Anthropic-NSA reports, the Fast16 sabotage of physics calculations, what researchers choose not to publish, Microsoft's bad Black Hat email, and Costin's Friday UFO files. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu. Timestamps: 0:00 - JAGS at InfoSecurity Europe 3:40 - Sponsor: TLPBLACK 5:54 - A roadmap for security after the AI revolution 11:01 - Stripe Atlas and how easy it is to start a company 15:00 - If anyone could reverse engineer anything for $5 19:49 - Layoffs at Google's Threat Intelligence Group 21:06 - The death of reading the report 27:53 - Pitting the AI models against each other 32:07 - Grok, local models, and the DGX Spark 39:27 - Where is Google DeepMind? 45:29 - Will the frontier labs stay in cybersecurity? 52:41 - Mythos, Project Glasswing, and the NSA deal 1:16:33 - FAST16, Stuxnet, and sabotaging Iran's bomb 1:57:52 - Microsoft, Black Hat, and the chilling effect 2:14:14 - Shout-outs, UFO files, and 100 episodes

May 30, 20261 hr 59 min

Microsoft Threatens Vuln Researchers; Shadow Brokers Revisited

(Presented by Ent.ai: Ent delivers intent-aware security that protects every action, adapts to every workflow, and works for every user. Enterprise threat detection, reimagined.) Three Buddy Problem - Episode 99: Microsoft is now threatening legal action against researchers who drop zero-days. We debate whether it's a fair line against extortion, or amateur-hour PR from a company that already torched its own research community? Costin plays reluctant defender, JAGS says the damage was done years ago, and Ryan reopens the long history of silent fixes and stolen bounties. Plus, on the 10th anniversary of the Shadow Brokers leak, we discuss some enduring mysteries, theories on attribution and an interesting trail that leads to Edward Snowden. We also unpack Rob Joyce's warning that China's cyber explosives are already planted in US infrastructure, and the Pope's warnings about around artificial intelligence. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu. Timestamps: 0:00 - Introductory banter 2:03 - The Pope's AI paper 3:35 - New sponsor: Brandon Dixon's Ent Security 9:34 - Costin's Chinese-model OSINT rabbit hole 13:34 - Codex, GPT-5.5, and the "American AI welfare state" 23:20 - Microsoft threatens vulnerability researchers 27:06 - Is it extortion or retribution? The disclosure fight 40:48 - How Microsoft's consultant class broke MSRC and MSTIC 48:42 - Silent fixes, stolen bounties, and the marketing machine 1:02:29 - Ten years of the Shadow Brokers 1:14:20 - The Snowden theory 1:32:34 - Rob Joyce: China's cyber explosives are in place 1:53:26 - Shout-outs

May 27, 202640 min

Aaron Portnoy on Pwn2Own, the End of Easy Bugs, and AI-Fueled Offense

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem x Ekoparty Miami: Aaron Portnoy (Zero Day Initiative alum, early Pwn2Own organizer, and now at Mindgard) joins us at Ekoparty Miami to reminisce on the early days of the hacking contest, where vulnerabilities actually live (the boundaries between systems, not inside them), why LLMs will take out the trash but can't dream up the next speculative-execution-class bug, and the coming patching apocalypse when discovery 10x's overnight. Plus, why your SOC is a forensic historian, the promise of hijacking an attacker's reward loop with deception tech, and the legendary story of carrying a Walmart "fat stack" of cash to bootstrap Ekoparty in Buenos Aires. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Aaron Portnoy. Timestamps: 0:00 — Introductory banter 1:17 — Dropping out, iDefense, and getting good at reversing everything 2:19 — How Pwn2Own got started 4:15 — The most impressive Pwn2Own ever: Nils, VUPEN, and exploit "art" 5:59 — "iPhone hacked in 30 seconds" — and the 18 months behind it 6:41 — Does Pwn2Own still have a place in the AI era? 9:16 — Why LLMs take out the trash but can't invent the next bug class 12:48 — Will LLMs deliver new mitigation classes? Aaron's skeptical 18:34 — The place of the human when the easy bugs run dry 21:08 — Cognitive offloading, Halvar's warning, and skill rot 22:39 — Decompiling 800k functions: Aaron's LLM "holy shit" moment 25:26 — The patching apocalypse and why "assume breach" breaks 28:15 — Compounding asymmetries: why offense just transcended defense

May 26, 202640 min

Perri Adams on Proof Engines, LLMs, and the New Era of Verifiable Code

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem x Ekoparty Miami: Perri Adams of DARPA AIxCC fame joins the show to chat about proof engines, formal methods, and why LLMs just made a once-niche corner of computer science suddenly essential. We get into why verifiers and proof engines are the key to effective AI, why vulnerability research is so far ahead of threat intel, and the case for baking security checks directly into code generation tools like Claude Code and Codex. Plus, designing a multi-million dollar challenge that's allowed to fail, the Mythos "too dangerous to release" debate, and musings on every LLM-discovered bug being a public bug by default. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Perri Adams. Timestamps: 0:00 — Introductory banter 1:09 — Why LLMs just made formal methods relevant again 4:03 — Proof engines, explained 8:43 — Can a layman grab this fire? The calculus problem 11:58 — Vuln researchers are scrappy kids with a trust fund 14:55 — Pitching AIxCC inside DARPA: hard sell or easy sell? 18:00 — Designing a challenge that's allowed to fail 22:06 — Inside Team Atlanta's 150-page winning system 24:00 — Why this is bigger for defense than for offense 31:49 — Mythos, safeguards, and "every LLM bug is a public bug"

May 26, 202649 min

Find 50,000 Bugs, Fix Zero: Gabriel Bernadett-Shapiro on the AI Vuln Trap

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem x Ekoparty Miami: SentinelLabs researcher Gabriel Bernadett-Shapiro hops on the mic to unpack who gets to define what "security" even means in the age of AI, why venture capital keeps funding the wrong things, and how the frontier labs quietly ate everyone's coding harness. Plus, how AI actually contributed to cracking the FAST 16 research, overcoming the guardrails, and why your domain expertise is the only thing keeping you out of full-blown rabbit-hole psychosis. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Gabriel Bernadett-Shapiro. Timestamps: 0:00 Introductory banter 4:55 Gabe returns: how the models got scary-good at code 8:45 Bay Area short-termism and the "10x in 18 months" trap 11:35 VCs as tastemakers, and why that's broken 13:00 The unpaid-labor pipeline into the AI labs 18:00 The real misunderstanding about security's moat 20:18 Bug bounties: a net negative for the industry? 22:20 The great vuln fire sale — find 50,000, fix zero 27:28 Who will maintain vetted open-source libraries? 29:29 FAST 16: how AI actually broke the case open 35:05 The rabbit-holing machine and the path to "AI psychosis" 41:05 Stuxnet, Kim Zetter, and the story we'll never be told

May 25, 202658 min

Federico Kirschbaum on XBOW, AI Hackers, and the Future of Pen Testing

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem x Ekoparty Miami: Federico Kirschbaum, founder of Ekoparty and now head of Security Lab at XBOW, talks about what happens to offensive security when an autonomous AI hacker can find and exploit real vulnerabilities. Fede walks through XBOW's "Tales from the Trace," the surreal experience of watching a non-human adversary reason its way to an ASLR bypass, and why he believes pen-testing isn't dying but finally becoming accessible to far more than the world's biggest companies. Plus, where humans still matter in the loop, whether an LLM-discovered bug is public by definition, the looming reckoning over software liability, and Halvar Flake's very honest fear of getting lazy. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Federico Kirschbaum. Timestamps: 0:00 Fede's move to XBOW 2:20 What's XBOW building? An AI hacker for real vulnerabilities 5:53 Where the human stays in the loop 6:35 The Exim bug: a craftsman races the LLM to an ASLR bypass 10:49 Does bug discovery still need a human asking the right question? 16:24 A short history: Satan, CORE, Metasploit, bug bounties 18:48 An LLM-discovered bug is public by definition 24:12 Halvar Flake's laziness worry & the assembly-to-C parallel 29:47 Rising tides: script kiddies get the full gamut 41:02 The economics: does pentesting get cheap? 43:18 Argentina, Ekoparty, and an untapped talent pipeline

May 24, 202644 min

Jordan Wiens on AI, Offense vs. Defense, and the Dying CTF Pipeline

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem x Ekoparty Miami: Jordan Wiens, co-founder of Vector 35 and creator of Binary Ninja, talks about a decade spent building a decompiler in a market everyone told him not to enter. He walks through why accessibility drove the whole project, how Binja's intermediate-language system stacks up against IDA, Ghidra, and Radare, and why language-specific decompilation for Rust, C++, and Go is the next real frontier. Plus, thoughts on AI disruption and why "the model can do it" misses the point that the model is just driving the tool, what verifiability really means, whether AI tilts the field toward offense or defense, and questions around subsidized tokens, the collapse of the CTF talent pipeline, and what happens to a craft when the shortcut is always one prompt away. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Jordan Wiens. Timestamps: 0:00 Introductory banter 1:22 Vector 35 and the origin of Binary Ninja 2:32 From CTFs and SCIFs to building a decompiler 3:27 Before Ghidra: when an IDA license was out of reach 9:47 Language-specific decompilation: Rust, C++, and Go 12:47 Running a 17-person bootstrapped shop with no org chart 13:50 DARPA money, In-Q-Tel, and staying independent 15:23 AI as disruptor: the model drives the tool 18:06 Verifiability and the Fast16 reversing story 25:10 How AI actually gets used inside the company 28:52 Frontier models and guardrails 33:30 Will AI favor offense or defense? 40:51 Shrinking CTF talent pipelines

May 15, 20261 hr 50 min

The AI-powered 10x patch tsunami has arrived. Now what?

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem - Episode 98: We dive back into the fast16 malware discovery with fresh speculation that it's targeting spherical implosion simulations for Iran's nuclear program, and wonder who on earth is qualified to confirm this. Plus, thoughts on OpenAI's new three-tier cyber access program, Microsoft's MDASH harness, the 10x Patch Tuesday tsunami, Cloudflare's 1,100 layoffs blamed on AI, and why frontier-lab guardrails may just be elaborate security theater. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu. Timestamps: 0:00 - Introductory banter 3:19 - fast16 update: spherical implosion simulations? 9:01 - Manhattan Project precedent — why this matches Iran 12:28 - Who can actually reproduce the FAST 16 attack? 19:32 - Google GTIG's "AI-written" zero-day 22:13 - The rise of AI-backend "silent detections" 25:54 - Guardrails as security theater 38:47 - Are the 10x patch numbers real defense? 43:48 - OpenAI's Trusted Access tiers + Microsoft MDASH 53:35 - End of the ‘patch-and-pray’ model 57:50 - Sean Heelan: strict harnesses can make models worse 1:03:51 - Pwn2Own Berlin overflow and bug-density debate 1:12:24 - Cloudflare's 1,100 layoffs and AI as scapegoat 1:27:42 - RCS encryption, Android Intrusion Logging, Seedworm & Kazuar

May 10, 20262 hr 2 min

The disappointing death of big-game APT reporting

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem - Episode 97: We discuss the disappearing art of Windows APT paleontology, the absence of complex malware documentation, and why so much threat-intel research has slipped behind paywalls and into private rooms. Plus, a surge in AI-discovered bugs in Firefox and Chrome, a rough week for Linux security flaw disclosures, and the usual Ivanti and Palo Alto zero-day bulletins that ship without a single IOC. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu. Timestamps: 0:00 - Introductory banter 1:17 - Inside TLP-Red: writing hashes by hand 3:57- fast16 fallout and the threat intel trust collapse 9:17 - The death of cyber paleontology on Windows 14:49 - Mobile is the new paleontology frontier 15:48 - When threat intel went private: the CrowdStrike effect 23:29 - Falling sideways into intelligence brokerage 36:05 -- AI, Easter eggs, and the loss of malware artistry 47:22 -- Will the Frontier Labs publish threat intel? 51:43 -- fast16 follow-up reports coming 1:09:38 - Mythos, Aardvark, and the patch tsunami 1:15:33 - CopyFail and the Linux reboot crisis 1:51:05 - UAPs, Pulitzers, last-ever LabsCon, and shoutouts

Is this your show?

Claim this listing to keep it up to date, reach guests who want to pitch you, and manage bookings with Guestify.

Claim this listing

More Technology podcasts

SowGrow Marketing Council

sgmc

BusinessMarketing

Toldjya Finance Podcast

Zac Huish, Cameron Cooke, and Paul Lamb

BusinessInvesting