Three Buddy Problem - Episode 57: Brandon Dixon (PassiveTotal/RiskIQ, Microsoft) leads a deep-dive into the collision of AI and cybersecurity. We tackle Google’s “Big Sleep” project, XBOW’s HackerOne automation hype, the long-running tension between big tech ownership of critical security tools and the community’s need for open access.

Plus, the future of SOC automation to AI-assisted pen testing, how agentic AI could transform the cyber talent bottlenecks and operational inefficiencies, geopolitical debates over backdoors in GPUs and the strategic implications of China’s AI model development.

Cast: Brandon Dixon, Juan Andres Guerrero-Saade, and Ryan Naraine.

Links:

• Transcript (unedited, AI-generated)
• Brandon Dixon | LinkedIn
• Google 'Big Sleep' AI Issue Tracker
• XBOW - The road to Top 1: How XBOW did it
• Does “XBOW AI Hacker” Deserve the Hype?
• XBOW - Taking the Top Hacker in the US to New Heights: XBOW Raises $75M Series B
• NVIDIA: No Backdoors. No Kill Switches. No Spyware
• Nvidia reiterates its chips have no backdoors, urges US against location verification
• Google: Our Big Sleep agent makes a big leap
• Microsoft announces acquisition of RiskIQ
• RiskIQ attack surface management
• Brandon Dixon (SecurityConversations podcast)
• Project Zero: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution