Mark Dowd on AI hacking, exploit chains, zero-day sales

April 24th, 2026

2 hrs 2 mins 18 secs

About this Episode

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem - Episode 95: Vigilant Labs director Mark Dowd joins the show to shed light on the state of offensive research, the economics of the exploit market, and why "Mark Dowd in a box" isn't quite the threat the AI hype machine suggests. He talks through the daily stresses of running an offensive shop, how AI is reshaping vulnerability discovery, exploit development, and the pricing of full exploit chains.

Plus, thoughts on Lockdown Mode and Apple's MIE, whether mitigations actually work or just push attackers toward less access, the rise of HarmonyOS and the Balkanization of device security, persistence, baseband attacks, GrapheneOS, and Samsung Knox.

We discuss customer vetting and OpSec fears, policymakers who've never written an exploit, and the strange afterlife of The Art of Software Security Assessment, the 20-year-old book now possibly training data for the very tools coming for his job.

Cast: Mark Dowd, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:
0:00 Introductions
4:28 The origin story of Azimuth: why go offensive?
6:26 Stresses of running an offensive research business
12:10 "Mark Dowd in a box" — is AI an existential threat to vuln research?
16:13 Using AI in workflow: frontier models vs. local models
22:05 AI in bug-finding vs. exploit implementation
30:30 Watching AI tear through a firmware backdoor
38:23 Artificial guardrails and the "POC" wall
43:25 Will AI commoditize 0days? The high-end vs. low-end vendor split
57:30 How AI disrupts exploit chain pricing
1:05:18 Does persistence still matter? Should you reboot your phone?
1:09:33 Lockdown Mode, MIE, and Apple's "never been compromised" claim
1:14:25 Do mitigations really work, or are we stuck in an endless loop?
1:23:25 Android vs. iOS vs. Huawei's HarmonyOS Next
1:34:44 Exploit leaks, customer vetting, and OpSec fears
1:41:37 GrapheneOS, Samsung Knox and baseband attacks
1:53:56 Did the exploit market save us from encryption backdoors?
1:55:11 What does the threat-intel community get wrong about vuln research?
