
Federico Kirschbaum on XBOW, AI Hackers, and the Future of Pen Testing
From Three Buddy Problem by Security Conversations
May 25, 2026 · 58 min
About this episode
Federico Kirschbaum discusses the impact of AI on penetration testing and the future of offensive security.
( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem x Ekoparty Miami : Federico Kirschbaum, founder of Ekoparty and now head of Security Lab at XBOW, talks about what happens to offensive security when an autonomous AI hacker can find and exploit real vulnerabilities. Fede walks through XBOW's "Tales from the Trace," the surreal experience of watching a non-human adversary reason its way to an ASLR bypass, and why he believes pen-testing isn't dying but finally becoming accessible to far more than the world's biggest companies. Plus, where humans still matter in the loop, whether an LLM-discovered bug is public by definition, the looming reckoning over software liability, and Halvar Flake's very honest fear of getting lazy. Cast: Juan Andres Guerrero-Saade , Ryan Naraine and Federico Kirschbaum . Timestamps: 0:00 Fede's move to XBOW 2:20 What's XBOW building? An AI hacker for real vulnerabilities 5:53 Where the human stays in the loop 6:35 The Exim bug: a craftsman races the LLM to an ASLR bypass 10:49 Does bug discovery still need a…
People in this episode
Hosts: Juan Andres Guerrero-Saade, Ryan Naraine
Guest: Federico Kirschbaum
Topics covered
- cybersecurity
- AI hacking
- penetration testing
- vulnerability exploitation
- software liability
Keywords
- AI hacker
- vulnerabilities
- pen-testing
- bug discovery
- software liability
- Ekoparty
- XBOW
Sponsors
TLPBLACK
Mentioned in this episode
Organizations: XBOW, Ekoparty, Security Lab, Metasploit, CORE, Satan
More episodes of Three Buddy Problem
- Mythos, Fable, and Anthropic's Big Trust Problem · June 12, 2026 · 1h 59m
- Fast16, Fanny, and Stuxnet: Cyber Paleontology Redux · June 5, 2026 · 2h 24m
- Microsoft Threatens Vuln Researchers; Shadow Brokers Revisited · May 30, 2026 · 1h 60m
- Aaron Portnoy on Pwn2Own, the End of Easy Bugs, and AI-Fueled Offense · May 27, 2026 · 40 min
- Perri Adams on Proof Engines, LLMs, and the New Era of Verifiable Code · May 26, 2026 · 40 min
- Find 50,000 Bugs, Fix Zero: Gabriel Bernadett-Shapiro on the AI Vuln Trap · May 26, 2026 · 50 min
Explore listener stats, chart rankings, contacts and more on the Three Buddy Problem podcast page.