Security Conversations

Three Buddy Problem

The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).

Author

Security Conversations

Category

Technology

Latest episode

Jul 4, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Microsoft's Secret Weapon: The GDID That Caught 'Scattered Spider' Teen 04.07.2026

( Presented by Thinkst Canary : Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents. ) Three...

US Gov Takes the Wheel: Who Gets to Use the Best AI? 29.06.2026

( Presented by Thinkst Canary : Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents. ) Three...

Katie Moussouris on the Anthropic Export-Control Mess 19.06.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem - Episode 102 : Software export controls expert Katie Moussouris joins the show to unpack the US government's abrupt move to suspend access to Anthropic's most powerful models over a so-called "jailbreak...

Mythos, Fable, and Anthropic's Big Trust Problem 12.06.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem - Episode 101 : We discuss Anthropic's Mythos 5 and Claude Fable 5 release and the bombshell that the company was silently downgrading paid users' results, sparking a heated debate over guardrails, gatek...

Fast16, Fanny, and Stuxnet: Cyber Paleontology Redux 05.06.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem - Episode 100 : We cover AI eating reverse engineering, the death of the malware report, running local models on the DGX Spark, where Google DeepMind stands, and whether the frontier labs will stay in cy...

Microsoft Threatens Vuln Researchers; Shadow Brokers Revisited 30.05.2026

( Presented by Ent.ai : Ent delivers intent-aware security that protects every action, adapts to every workflow, and works for every user. Enterprise threat detection, reimagined. ) Three Buddy Problem - Episode 99 : Microsoft is now threatening legal action against researchers who drop zero-days. We debate whether it's a fair line against extortion, or amateur-hour PR from a company that already...

Aaron Portnoy on Pwn2Own, the End of Easy Bugs, and AI-Fueled Offense 27.05.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem x Ekoparty Miami : Aaron Portnoy (Zero Day Initiative alum, early Pwn2Own organizer, and now at Mindgard) joins us at Ekoparty Miami to reminisce on the early days of the hacking contest, where vulnerabi...

Perri Adams on Proof Engines, LLMs, and the New Era of Verifiable Code 26.05.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem x Ekoparty Miami : Perri Adams of DARPA AIxCC fame joins the show to chat about proof engines, formal methods, and why LLMs just made a once-niche corner of computer science suddenly essential. We get in...

Find 50,000 Bugs, Fix Zero: Gabriel Bernadett-Shapiro on the AI Vuln Trap 26.05.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem x Ekoparty Miami : SentinelLabs researcher Gabriel Bernadett-Shapiro hops on the mic to unpack who gets to define what "security" even means in the age of AI, why venture capital keeps funding the wrong...

Federico Kirschbaum on XBOW, AI Hackers, and the Future of Pen Testing 25.05.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem x Ekoparty Miami : Federico Kirschbaum, founder of Ekoparty and now head of Security Lab at XBOW, talks about what happens to offensive security when an autonomous AI hacker can find and exploit real vul...

Jordan Wiens on AI, Offense vs. Defense, and the Dying CTF Pipeline 24.05.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem x Ekoparty Miami : Jordan Wiens, co-founder of Vector 35 and creator of Binary Ninja, talks about a decade spent building a decompiler in a market everyone told him not to enter. He walks through why acc...

The AI-powered 10x patch tsunami has arrived. Now what? 15.05.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem - Episode 98 : We dive back into the fast16 malware discovery with fresh speculation that it's targeting spherical implosion simulations for Iran's nuclear program, and wonder who on earth is qualified t...

The disappointing death of big-game APT reporting 10.05.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem - Episode 97 : We discuss the disappearing art of Windows APT paleontology, the absence of complex malware documentation, and why so much threat-intel research has slipped behind paywalls and into privat...

Cracking the Fast16 sabotage malware mystery 01.05.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem - Episode 96 : We're joined by WIRED writer Andy Greenberg to dig into SentinelLabs' bombshell FAST16 research, a newly deciphered piece of sabotage malware that predates Stuxnet by five years and quietl...

Mark Dowd on AI hacking, exploit chains, zero-day sales 24.04.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem - Episode 95 : Vigilant Labs director Mark Dowd joins the show to shed light on the state of offensive research, the economics of the exploit market, and why "Mark Dowd in a box" isn't quite the threat t...

The Angry Spark APT Mystery: A Year-Long Backdoor, One Victim, Zero Attribution 18.04.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem - Episode 94 : We discuss a mysterious, VM-obfuscated backdoor that lived undetected on a single U.K. machine for a year before disappearing, finding clues pointing to an elite-level APT intrusion that s...

The Claude Mythos, Project Glasswing Shockwave 10.04.2026

( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem - Episode 93 : We discuss Anthropic's release of Claude Mythos Preview (an AI model so capable and dangerous they won't release it publicly) and debate the looming patching crisis, bug bounty extinction,...

LLMs writing exploits, engineers losing skills, and a case for the generative OS 03.04.2026

( Presented by TLPBLACK : High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows. ) Three Buddy Problem - Episode 92 : Costin walks through real-world ranso...

Jeremy Banon: Personal Exec Compromise as Corporate Incident 01.04.2026

( Presented by TLPBLACK : High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows. ) Security Conversations : Jeremy Bannon, founder/CEO of The Cyber Health...

Google's Cyber Disruption Unit; Coruna is Triangulation, US Bans Foreign-Made Routers 28.03.2026

( Presented by TLPBLACK : High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows. ) Three Buddy Problem - Episode 91 : This week we dig into Google's new cy...

The greatest APT hunter of all time, Apple's exploit kit problem, Microsoft FedRAMP mess 20.03.2026

( Presented by Thinkst Canary : Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents. ) Three...

Handala wiper attacks, APT28 implant devs are back, Signal's verification problems 14.03.2026

( Presented by TLPBLACK : High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows. ) Three Buddy Problem - Episode 89 : We discuss Iran hacktivist group 'Han...

Trenchant, Peter Williams, and the proliferation of a Shadow Brokers-level iOS exploit framework 06.03.2026

( Presented by Thinkst Canary : Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents. ) Three...

Matthias Frielingsdorf on the mysterious Coruna iOS exploit kit discovery 05.03.2026

( Presented by TLPBLACK : High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows. ) Matthias Frielingsdorf (co-founder and VP of Research at iVerify) joins...

Threat Hunter Greg Linares on the modern ransomware playbook 03.03.2026

( Presented by TLPBLACK : High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows. ) Huntress threat intelligence analyst Greg Linares shares insights on the...

Listen to the Three Buddy Problem podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.