Live from Black Hat: Brandon Dixon parses the AI security hype

August 7th, 2025  |  1 hr 30 mins

ai, apt research, nation-state, zero-day

Three Buddy Problem - Episode 57: Brandon Dixon (PassiveTotal/RiskIQ, Microsoft) leads a deep-dive into the collision of AI and cybersecurity. We tackle Google’s “Big Sleep” project, XBOW’s automation hype, the long-running tension between big tech ownership of critical security tools and the community’s need for open access.

Plus, the future of SOC automation to AI-assisted pen testing, how agentic AI could transform cyber talent bottlenecks and operational inefficiencies, geopolitical debates over backdoors in GPUs and the strategic implications of China’s AI model development.

Cast: Brandon Dixon, Juan Andres Guerrero-Saade and Ryan Naraine.

Microsoft Sharepoint security crisis: Faulty patches, Toolshell zero-days

July 25th, 2025  |  1 hr 55 mins

ai, apt research, nation-state, zero-day

Three Buddy Problem - Episode 55: We dig into Microsoft's latest security nightmare: a SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis, with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party.

We also revisit the ProPublica bombshell about Microsoft's "digital escorts" and U.S. government data exposure to Chinese adversaries and the company's "oops, we will stop" response. Plus, trusting Google's Big Sleep AI claims and a cautionary tale about AI agents gone rogue that wiped out a production database.

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

Inside the Turla Playbook: Hijacking APTs and fourth-party espionage

December 7th, 2024  |  1 hr 47 mins

ai, apt research, nation-state, salt typhoon, turla, zero-day

Three Buddy Problem Episode 24: In this episode, we dig into Lumen/Microsoft’s revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution. We also discuss Citizen Lab’s findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt Typhoon disinfection, the Solana web3.js supply chain attack affecting crypto projects, and the Romanian election crisis over Russian interference via TikTok.

Cast: Juan Andres Guerrero-Saade, Costin Raiu, Ryan Naraine.

Ep1: The Microsoft Recall debacle, Brad Smith and the CSRB, Apple Private Cloud Compute

June 22nd, 2024  |  46 mins 55 secs

ai, apple, csrb, microsoft

Welcome to Episode 1 of a brand new cybersecurity podcast discussing the biggest news stories of the week. Ryan Naraine hosts a fast-moving conversation with Juan Andres Guerrero-Saade (LABScon) and Costin Raiu (Art of Noh) on the Microsoft Recall debacle, the dark patterns emerging as big-tech embraces AI, Brad Smith's testimony and the lingering effects of the CSRB report, Apple's new Private Cloud Compute (PCC) infrastructure and Cupertino's long game. Oh, we also discuss the KL ban.

Ryan Hurst on tech innovation and unsolved problems in security

August 16th, 2023  |  42 mins 24 secs

ai, bgp, encryption, google, key management, microsoft, startups

Episode sponsors:

• Binarly (https://binarly.io)
• FwHunt (https://fwhunt.run)

Peculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing cloud security hiccups.