Three Buddy Problem

The AI-powered 10x patch tsunami has arrived. Now what?

Listen Later

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem - Episode 98: We dive back into the fast16 malware discovery with fresh speculation that it's targeting spherical implosion simulations for Iran's nuclear program, and wonder who on earth is qualified to confirm this.

Plus, thoughts on OpenAI's new three-tier cyber access program, Microsoft's MDASH harness, the 10x Patch Tuesday tsunami, Cloudflare's 1,100 layoffs blamed on AI, and why frontier-lab guardrails may just be elaborate security theater.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:

0:00 - Introductory banter
3:19 - fast16 update: spherical implosion simulations?
9:01 - Manhattan Project precedent — why this matches Iran
12:28 - Who can actually reproduce the FAST 16 attack?
19:32 - Google GTIG's "AI-written" zero-day
22:13 - The rise of AI-backend "silent detections"
25:54 - Guardrails as security theater
38:47 - Are the 10x patch numbers real defense?
43:48 - OpenAI's Trusted Access tiers + Microsoft MDASH
53:35 - End of the ‘patch-and-pray’ model
57:50 - Sean Heelan: strict harnesses can make models worse
1:03:51 - Pwn2Own Berlin overflow and bug-density debate
1:12:24 - Cloudflare's 1,100 layoffs and AI as scapegoat
1:27:42 - RCS encryption, Android Intrusion Logging, Seedworm & Kazuar

Links:

  • Transcript
  • fast16 malware targeting spherical implosion simulations
  • fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
  • Cracking the Fast16 sabotage malware mystery
  • GTIG on AI Exploit Generation Discovery
  • iOS 26.5 Security Bulletin
  • End-to-end encrypted RCS messaging hits beta
  • Android adds 'Intrusion Logging' feature
  • Google: Log your Android device activity
  • Microsoft MDASH new multi-model agentic security system
  • Daybreak | OpenAI for cybersecurity
  • Pwn2Own 2026 Capacity Overflow, Hackers Drop 0-Days Solo
  • Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker
  • Kazuar: Anatomy of a nation-state botnet (Microsoft)
  • Ekoparty Miami
  • LABScon 2026
  • TLPBLACK
    • ...more
    View all episodesView all episodes
    Download on the App Store
    Three Buddy ProblemBy Security Conversations
    • 4.9
    • 4.9
    • 4.9
    • 4.9
    • 4.9

    4.9

    61 ratings

    More shows like Three Buddy Problem

    View all
    Hacked by Hacked

    Hacked

    191 Listeners

    Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

    Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

    368 Listeners

    Risky Business by Risky Business Media

    Risky Business

    375 Listeners

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

    649 Listeners

    CyberWire Daily by N2K Networks

    CyberWire Daily

    1,026 Listeners

    Smashing Security by Graham Cluley

    Smashing Security

    316 Listeners

    Click Here by Recorded Future News

    Click Here

    418 Listeners

    Darknet Diaries by Jack Rhysider

    Darknet Diaries

    8,048 Listeners

    Cybersecurity Today by Jim Love

    Cybersecurity Today

    179 Listeners

    Hacking Humans by N2K Networks

    Hacking Humans

    314 Listeners

    CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

    CISO Series Podcast

    192 Listeners

    Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

    Defense in Depth

    73 Listeners

    Cybersecurity Headlines by CISO Series

    Cybersecurity Headlines

    137 Listeners

    Risky Bulletin by Risky Business Media

    Risky Bulletin

    45 Listeners

    The 404 Media Podcast by 404 Media

    The 404 Media Podcast

    394 Listeners