Three Buddy Problem What's behind US gov push to 'privatize' cyber operations?
Dec 20, 2025
The discussion delves into the U.S. government's new strategy to enlist private firms for offensive cyber operations. They explore the implications of legal complexities surrounding letters of marque for cartels. Insight is provided on the emergence of vulnerabilities, including Apple and Cisco zero-days. Uncoveries of Belarusian spyware targeting journalists are alarming. Amazon's detection of a North Korean infiltrator through unique keystroke lag adds a twist, showcasing the intersection of advanced technology with security challenges.
AI Snips
Chapters
Transcript
Episode notes
High Bug Density Can Precede Code Hardening
- React-related vulnerabilities have high initial discovery density but sustained attention may harden the codebase over time.
- Costin Raiu and Juan Andres Guerrero-Saade note hosted platforms patching can dramatically reduce exposed footprint quickly.
Privatizing Offensive Cyber Creates A Market
- The US push to enlist private firms aims to create a market and attract investors and primes into offensive cyber capabilities.
- Juan Andres Guerrero-Saade warns the move signals companies and VCs to prepare to service government demand rather than just public persuasion.
Policy Spurs VC And Prime Consolidation
- Changing policy alone won't create capability; it triggers VC and prime activity to build the new sector.
- Juan Andres Guerrero-Saade expects existing defense primes to buy startups that feed offensive cyber needs.