
Three Buddy Problem
The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks.
Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers.
Connect with Ryan on Twitter (Open DMs).
Latest episodes

Apr 25, 2025 • 1h 34min
Thomas Rid joins the show: AI consciousness, TP-Link's China connection, trust in hardware security
Three Buddy Problem - Episode 43: Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism. We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surrounding AI consciousness and rights.
Plus, TP-Link under US government investigation and the broader issues of consumer trust in hardware security, the need for regulation and inspectability of technology, and the struggles with patching network devices.
Cast: Thomas Rid, Juan Andres Guerrero-Saade and Ryan Naraine. Costin Raiu is away this week.
Links:
Transcript (unedited, AI-generated)
Anthropic: Exploring AI model welfare, consciousness
David Chalmers: Taking AI Welfare Seriously
Sam Altman: AI privacy safeguards can’t be established before ‘problems emerge’
TP-Link router pricing and China ties under US gov probe
Bloomberg: TP-Link’s US Future Hinges on Claimed Split From China
Verizon DBIR 2015 (full report)
Mandiant M-Trends 2025 Report
FBI seeking tips about China's 'Salt Typhoon' hackers
North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature
Dan Geer on the realpolitik of cybersecurity
LABScon 2025 CFP is open
Ransom War by Max Smeets

Apr 17, 2025 • 1h 39min
China doxxes NSA, CVE's funding crisis, Apple's zero-day troubles
The discussion kicks off with China's surprising revelations about alleged NSA cyber operatives and the geopolitical fallout of these cyber accusations. They dive into the mounting concerns surrounding Apple’s critical zero-day vulnerabilities and the shaky ground of the CVE funding crisis. Listeners gain insights into the balance between enhanced security features and user convenience, and the challenges faced by the tech community amidst rising costs of mobile exploits and external dependencies. The episode wraps with reflections on personal connections and resilience in the cybersecurity world.

Apr 4, 2025 • 1h 37min
NSA director fired, Ivanti's 0day screw-up, backdoor in robot dogs
Join a lively discussion on the NSA director's unexpected firing and its implications for national security. Delve into Ivanti's critical mismanagement of a VPN vulnerability that a Chinese APT exploited. Discover the fascinating keynote about trust in hardware supply chains and the risks of undocumented chip areas. Laugh at the idea of a backdoor found in a popular Chinese robot dog while pondering China's robotics market dominance. Moreover, gain insights into AI's role in identifying software vulnerabilities and Russian operatives impersonating the CIA.

Mar 28, 2025 • 1h 53min
Signalgate and ID management hiccups, PuzzleMaker and Chrome 0days, Lab Dookhtegan returns
The podcast dives into the risks of using Signal for sensitive communications, highlighting its vulnerabilities and ethical dilemmas. There's speculation about Kaspersky's 'Operation Forum Troll' and discussions on mysterious APT campaigns. The return of Lab Dookhtegan sparks conversations about hack-and-leak strategies related to Iranian cyber operations. The hosts also debate the implications of lifting sanctions on Tornado Cash, touching on privacy concerns and cryptocurrency regulation. Expect humor and light-hearted tech banter throughout!

Mar 21, 2025 • 1h 56min
China exposing Taiwan hacks, Paragon spyware and WhatsApp exploits, CISA budget cuts
Katie Moussouris, CEO of Luta Security and a pioneer in vulnerability disclosure, joins the conversation to shed light on crucial cybersecurity topics. They delve into China's recent exposure of Taiwan's APT actors and the implications of naming such entities. The discussion also covers the troubling rise of spyware, particularly relating to Paragon and WhatsApp. With a nod to the fragmented exploit markets, Moussouris highlights the urgent need for budget support for CISA amidst tightening financial constraints, emphasizing the broader impacts on cybersecurity.

Mar 14, 2025 • 2h 6min
A half-dozen Microsoft zero-days, Juniper router backdoors, advanced bootkit hunting
This discussion dives into a trove of Microsoft zero-day vulnerabilities and Apple's security flaws in iOS. The hosts explore the implications of AI competition, particularly around OpenAI's stance on foreign AI technologies. They also dissect Juniper router backdoors and the challenges of detecting UEFI bootkits. In the crypto realm, the dangers of MEV sandwich attacks come to light, highlighting the chaotic dynamics of decentralized finance. Finally, they touch on the pressing issue of press freedom, spotlighting the challenges faced by journalists amid governmental pressures.

Mar 8, 2025 • 1h 40min
Revisiting the Lamberts, i-Soon indictments, VMware zero-days
Explore the humorous challenges of cybersecurity naming conventions and the significance of International Women's Day in Eastern Europe. Dive into the complexities of U.S.-Russia cyber operations, the layered dynamics of political messaging, and the unique identifiers of the Blue Lambert malware. Discover the implications of recent VMware vulnerabilities and the ethical dilemmas surrounding state-sponsored hacking linked to private contractors. Conclude with a look at Apple's shift in spyware notifications and the alarming lessons from a massive cryptocurrency hack.

Mar 1, 2025 • 1h 53min
Lazarus ByBit $1.4B heist was supply chain attack on developer
Dive into the thrilling world of cybersecurity as experts discuss the art of bug hunting, highlighting the mental resilience needed in the face of setbacks. Explore the shocking $1.4 billion Bybit heist linked to the Lazarus Group, examining the mechanics of supply chain attacks. The impact of AI on vulnerability discovery sparks debate on the balance of technology and human storytelling. Ethics in exploiting vulnerabilities and the changing U.S. cyber policy landscape are also key topics, revealing the complex interplay between security, privacy, and global dynamics.

Feb 23, 2025 • 2h 7min
North Korea's biggest ever crypto heist: $1.4B stolen from Bybit
Dive into the staggering $1.4 billion Bybit heist, orchestrated by North Korea's Lazarus Group, raising serious questions about cryptocurrency security. The turmoil leads to humorous discussions on power outages and AI privacy policies. Explore Microsoft’s breakthrough in quantum computing and the implications of AI-driven privacy erosion. Discover how historical financial crimes relate to today's crypto dilemmas and hear about the challenges of detection in the face of evolving cyber threats. It’s a rollercoaster of tech, security, and geopolitical intrigue!

Feb 15, 2025 • 1h 25min
An 'extremely sophisticated' iPhone hack; Google flags major AMD microcode bug
Discover the astonishing hack that bypasses iPhone's USB Restricted Mode, unveiling complexities in smartphone security. Learn about a severe AMD microcode vulnerability that poses risks to cloud providers. The discussion dives into the challenges of defending against escalating cyber threats, including atrocious phishing campaigns by Russian actors. With a lighthearted twist, explore the importance of fitness in tech and celebrate the unsung heroes keeping us safe in cybersecurity. Tune in for a mix of critical insights and amusing anecdotes!