

Three Buddy Problem
Security Conversations
The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks.
Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers.
Connect with Ryan on Twitter (Open DMs).
Episodes

50 snips
Aug 29, 2025 • 2h 25min
Salt Typhoon IOCs, Google floats ‘cyber disruption unit’, WhatsApp 0-click
The podcast dives into the implications of the Salt Typhoon advisory, analyzing its delayed release and useful insights for defenders. Discussion revolves around Google’s new cyber disruption unit and the ethical dilemmas it presents. The role of AI in enhancing threat detection is examined, along with the troubling vulnerabilities in WhatsApp that threaten user security. Additional topics include a new Chinese APT report, Amazon's disruption of APT29, and the importance of precise terminology in understanding evolving cyber threats.

6 snips
Aug 22, 2025 • 2h 32min
Zero-day reality check: iOS exploits, MAPP in China and the hack-back temptation
The latest discussion dives into Apple's emergency iOS patch and the implications of zero-click threats. The speakers highlight the murky waters of cybersecurity, exploring how nation-states exploit vulnerabilities and the blurred lines between crime and advanced persistent threats. A hot topic is the debate over Microsoft's restrictive access for Chinese vendors and the controversial idea of 'letters of marque' for cyber offense. The episode wraps up with insights into ransomware threats and the challenges of legacy devices, stressing the need for innovative security solutions.

30 snips
Aug 15, 2025 • 1h 58min
On AI’s future, security’s failures, and what comes next...
The hosts dive into the challenges of scaling tech products within large corporations like Microsoft while navigating corporate politics. They explore the AI startup boom and its risks, likening it to the dot-com bubble. The conversation shifts to the geopolitical landscape of GPU technology and export controls, particularly regarding China. They scrutinize recent cybersecurity vulnerabilities and their implications for national security, highlighting urgent privacy issues. The hosts also tease an upcoming live event, blending anticipation with humor.

13 snips
Aug 7, 2025 • 1h 30min
Live from Black Hat: Brandon Dixon parses the AI security hype
Brandon Dixon, a veteran in the threat intelligence community and former Microsoft employee, dives into the intersection of AI and cybersecurity. He discusses Google's Big Sleep project and the potential of AI in code analysis and automation. The conversation critiques modern software development inefficiencies and the impact of corporate acquisitions on cybersecurity tools. Dixon emphasizes the need for collaboration between tech giants and the community while exploring the future of SOC automation and geopolitical issues affecting AI technologies.

5 snips
Aug 1, 2025 • 1h 52min
Rethinking APT Attribution: Dakota Cary on Chinese Contractors and Espionage-as-a-Service
Dakota Cary, a China-focused consultant at SentinelOne and a fellow at the Atlantic Council, dives deep into the dark waters of China's cyber ecosystem. He sheds light on APT contractors and their links to espionage-as-a-service. The discussion reveals the intricate ties between hackers and the state security apparatus, complicating attribution efforts. Cary reflects on the need for a cultural shift in U.S. intelligence to tackle these evolving threats while also examining the geopolitical fallout of recent cyber intrusions targeting places like Singapore.

4 snips
Jul 25, 2025 • 1h 55min
Microsoft Sharepoint security crisis: Faulty patches, Toolshell zero-days
A critical vulnerability in Microsoft SharePoint sparks national security concerns, with state-sponsored hackers exploiting faulty patches. The discussion highlights the chaotic landscape of cybersecurity practices and the challenges posed by outdated collaboration tools. Privacy issues are further scrutinized, including Microsoft’s past responses to data exposures. Plus, a humorous, cautionary tale unfolds about AI mishaps in coding, underscoring the need for robust protocols in tech development. Insights on consciousness and its links to language also provide a thought-provoking twist.

6 snips
Jul 18, 2025 • 1h 49min
Train brake hack, GRU sanctions, Wagner war crimes, Microsoft's Chinese ‘digital escorts’
Discover the shocking vulnerability in U.S. train braking systems that could allow remote hijacking. Unravel the impact of new UK sanctions against Russia's GRU and the scrutiny on pro-Russian hacktivists. Delve into the dark world of 'war influencers' sharing graphic content online and the challenges of international accountability. Explore Microsoft's controversial reliance on Chinese engineers for U.S. cloud systems, and the rapid evolution of AI technologies and their security implications, all packed with humor and insightful commentary.

27 snips
Jul 10, 2025 • 1h 49min
How did China get Microsoft's zero-day exploits?
Discover the fascinating case of the first arrest of a Chinese intelligence-linked hacker in Italy. The discussion delves into the notorious HAFNIUM group, uncovering how they accessed Microsoft Exchange zero-days. Analyze the competitive cyber capabilities between the U.S. and China, and explore the rise of 'cyber militias' in the region. The episode also tackles cybersecurity challenges related to young offenders, the impact of drone technology in warfare, and the effectiveness of current cybersecurity tools.

34 snips
Jul 3, 2025 • 1h 34min
Who’s hacking who? Ivanti 0-days in France, China outs 'Night Eagle' APT
Dive into the latest cybersecurity revelations, highlighting France's exposure to Ivanti VPN zero-days and the intricate links to a North American threat actor known as 'Night Eagle.' Explore the complexities of cyber attribution, particularly amid geopolitical tensions and the reliability of threat intelligence from different regions. The hosts also discuss significant breaches, like Iran's Nobitex crypto-exchange hack, and ponder the implications of containment claims surrounding China's 'Salt Typhoon.' It's a fascinating look at the evolving landscape of cyber threats!

94 snips
Jun 20, 2025 • 3h 7min
Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, destructive bank hacks
Hamid Kashfi, a former researcher at Immunity/Trail of Bits with expertise in the Iran-Israel cyber conflict, joins the discussion. They delve into the shadowy group Predatory Sparrow and its cyber operations during the Israel-Iran war. The conversation covers a shocking $90 million cryptocurrency disappearance linked to hacktivism, the human impact of ATM outages, and the blurred lines between grassroots cyber activism and state-sponsored attacks. Kashfi offers on-the-ground insights into Iran's cyber capabilities amid ongoing geopolitical tensions.