OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs

2:10:48 Oct 31, 2025
About this episode
Three Buddy Problem - Episode 70: Dave Aitel from OpenAI's technical staff joins the buddies to discuss the just-launched Aardvark, OpenAI’s agentic “security researcher” that claims to read code, find bugs, validate exploits, and ship patches. We press him on where LLMs beat fuzzers, privacy boundaries, human-in-the-loop realities, SDLC budgets, pen-test cadence, and the zero-day economy. Plus, an L3 Harris/Trenchant exec pleads guilty to selling exploits to Russian brokers, Kaspersky catches the return of HackingTeam using a Chrome zero-day exploit chain, and news of a proposed law in Russia to force researchers to report vulnerabilities first to government agencies.

Cast: Dave Aitel (Technical Staff, OpenAI), Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:
Transcript (unedited, AI-generated)
Episode 70 Livestream - YouTube
Aardvark: OpenAI’s agentic security researcher
TBP episode on OpenAI’s Aardvark
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
Ex-US cyber intel exec pleads guilty to selling spy tools to Russian broker
Ex-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian Firm