 |
Three Buddy ProblemA Security Conversations podcast Author: Security Conversations
The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others wont -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs). Language: en-us Genres: News, Tech News, Technology Contact email: Get it Feed URL: Get it iTunes ID: Get it |
Listen Now...
LLMs writing exploits, engineers losing skills, and a case for the generative OS
Friday, 3 April, 2026
(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Three Buddy Problem - Episode 92: Costin walks through real-world ransomware incident response while Juanito makes the case for AI-generated operating systems that never run anyone else's code. Plus, debates on whether vulnerability research is cooked, why nobody should pay ransoms, and what the security industry looks like after the massive AI flood. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu. 0:00 – Introductory banter 2:00 – Costin's ransomware incident response work 3:30 – How attackers break in: Fortinet vulnerabilities everywhere 6:30 – Hunting for ransomware decryption keys 9:00 – Breaking into ransomware C2s and monitoring leak sites 12:00 – The ransom payment debate: should you ever pay? 16:00 – Why "don't pay the ransom" is overgeneralized 21:00 – How ransomware gangs price their demands 24:00 – The AI-pilling of the security industry 28:30 – Nicholas Carlini, Ptacek, and "vulnerability research is cooked" 35:00 – Towards a generative-first operating system 41:00 – Code factories, trusted computing, and killing dependencies 48:00 – Microsoft and Apple's AI positioning 56:00 – Chris St. Myers' "Cognitive Rust Belt" essay 1:18:00 – Choice, The Matrix, and the illusion of control 1:38:00 – Supply chain attacks, North Korea, and dependency sprawl
