Three Buddy Problem
Three Buddy Problem·Jul 4, 2026·1h 36m

Microsoft's Secret Weapon: The GDID That Caught 'Scattered Spider' Teen

Show notes

(Presented by Thinkst Canary: Most companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em, giving you the one alert, when it matters. With zero admin overhead and almost no false positives, Canaries are deployed (and loved) on all 7 continents.)

Three Buddy Problem - Episode 104: We discuss the return of Anthropic's Fable 5 from export-control suspension with guardrails so aggressive that spelling "exploit" gets you downgraded. Plus, a debate on AI frontier labs killing businesses at scale, and OpenAI offering equity to the US government.

Also, buried on page nine of a 'Scattered Spider' arrest indictment: Microsoft's never-before-detailed GDID device identifier, a persistent Windows fingerprint with massive implications for OPSEC, privacy, and APT tracking.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:
0:00 Cold open: Heat wave in Washington DC
3:45 Fable 5 returns after the 15-day timeout
5:21 "Refined classifiers" and the downgrade-to-Opus mess
8:23 Codex vs. Claude: real-world malware analysis test
12:41 Who are the guardrails for? Defenders locked out
19:13 What even is a "jailbreak assessment framework"?
21:37 Two theories: failed PR vs. killing a thousand startups
24:59 Could the labs build kernels or a whole OS?
31:38 Bureaucracy is the moat
36:09 Can AI actually run an attack? (Spoiler: 14 detections)
47:01 OpenAI offers the US government a 5% stake
58:16 Scattered Spider arrest and Microsoft's GDID revelation
1:12:02 OPSEC fallout: how APT groups adapt to device telemetry
1:27:18 UFO update, shout-outs from Seoul

Links: