Three Buddy Problem
Three Buddy Problem·May 30, 2026·1h 59m

Microsoft Threatens Vuln Researchers; Shadow Brokers Revisited

Show notes

(Presented by Ent.ai: Ent delivers intent-aware security that protects every action, adapts to every workflow, and works for every user. Enterprise threat detection, reimagined.)

Three Buddy Problem - Episode 99: Microsoft is now threatening legal action against researchers who drop zero-days. We debate whether it's a fair line against extortion or amateur-hour PR from a company that already torched its own research community. Costin plays reluctant defender, JAGS says the damage was done years ago, and Ryan reopens the long history of silent fixes and stolen bounties.

Plus, on the 10th anniversary of the Shadow Brokers leak, we discuss some enduring mysteries, theories on attribution and an interesting trail that leads to Edward Snowden.

We also unpack Rob Joyce's warning that China's cyber explosives are already planted in US infrastructure, and the Pope's warnings about artificial intelligence.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:
0:00 - Introductory banter
2:03 - The Pope's AI paper
3:35 - New sponsor: Brandon Dixon's Ent Security
9:34 - Costin's Chinese-model OSINT rabbit hole
13:34 - Codex, GPT-5.5, and the "American AI welfare state"
23:20 - Microsoft threatens vulnerability researchers
27:06 - Is it extortion or retribution? The disclosure fight
40:48 - How Microsoft's consultant class broke MSRC and MSTIC
48:42 - Silent fixes, stolen bounties, and the marketing machine
1:02:29 - Ten years of the Shadow Brokers
1:14:20 - The Snowden theory
1:32:34 - Rob Joyce: China's cyber explosives are in place
1:53:26 - Shout-outs

Links: