Three Buddy Problem cover art

Three Buddy Problem

Three Buddy Problem

By: Security Conversations
Listen for free

About this listen

 The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).© 2025 The Naraine Group Politics & Government
Episodes
  • Live from Black Hat: Brandon Dixon parses the AI security hype

    Live from Black Hat: Brandon Dixon parses the AI security hype
    Aug 7 2025
    Three Buddy Problem - Episode 57: Brandon Dixon (PassiveTotal/RiskIQ, Microsoft) leads a deep-dive into the collision of AI and cybersecurity. We tackle Google’s “Big Sleep” project, XBOW’s HackerOne automation hype, the long-running tension between big tech ownership of critical security tools and the community’s need for open access. Plus, the future of SOC automation to AI-assisted pen testing, how agentic AI could transform the cyber talent bottlenecks and operational inefficiencies, geopolitical debates over backdoors in GPUs and the strategic implications of China’s AI model development. Cast: Brandon Dixon (https://www.linkedin.com/in/brandonsdixon/), Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), and Ryan Naraine (https://twitter.com/ryanaraine).
    Show More Show Less
    1 hr and 30 mins
  • Rethinking APT Attribution: Dakota Cary on Chinese Contractors and Espionage-as-a-Service

    Rethinking APT Attribution: Dakota Cary on Chinese Contractors and Espionage-as-a-Service
    Aug 1 2025
    Three Buddy Problem - Episode 56: China-focused researcher Dakota Cary joins the buddies to dig into China’s sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China’s “entrepreneurial” model of intelligence collection, why public visibility into these threat actors is so hard to get right, and how companies like Microsoft get caught in the geopolitical crossfire. Plus: a deep dive on suspected MAPP leaks and Sharepoint zero-days, Singapore targeted by extremely sophisticated China-nexus hacking group, soft censorship in corporate threat-intel, and whether the U.S. should rethink how it fills its intelligence gaps. Cast: Dakota Cary (https://www.linkedin.com/in/dakotacary/), Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
    Show More Show Less
    1 hr and 52 mins
  • Microsoft Sharepoint security crisis: Faulty patches, Toolshell zero-days

    Microsoft Sharepoint security crisis: Faulty patches, Toolshell zero-days
    Jul 25 2025
    Three Buddy Problem - Episode 55: A SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party. We also revisit the ProPublica bombshell about Microsoft's "digital escorts" and U.S. government data exposure to Chinese adversaries and the company's "oops, we will stop" response. Plus, trusting Google's Big Sleep AI claims and a cautionary tale about AI agents gone rogue that wiped out a production database. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
    Show More Show Less
    1 hr and 55 mins
No reviews yet
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.