
Mark Dowd on AI hacking, exploit chains, zero-day sales
From Three Buddy Problem by Security Conversations
April 24, 2026 · 2h 2m
About this episode
Mark Dowd discusses the implications of AI on offensive research and the exploit market.
( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem - Episode 95 : Vigilant Labs director Mark Dowd joins the show to shed light on the state of offensive research, the economics of the exploit market, and why "Mark Dowd in a box" isn't quite the threat the AI hype machine suggests. He talks through the daily stresses of running an offensive shop, how AI is reshaping vulnerability discovery, exploit development, and the pricing of full exploit chains. Plus, thoughts on Lockdown Mode and Apple's MIE, whether mitigations actually work or just push attackers toward less access, the rise of HarmonyOS and the Balkanization of device security, persistence, baseband attacks, GrapheneOS, and Samsung Knox. We discuss customer vetting and OpSec fears, policymakers who've never written an exploit, and the strange afterlife of The Art of Software Security Assessment, the 20-year-old book now possibly training data for the very tools coming for his job. Cast: Mark Dowd , Juan Andres Guerrero-Saade , Ryan Naraine and Costin Raiu…
People in this episode
Hosts: Juan Andres Guerrero-Saade, Ryan Naraine, Costin Raiu
Guest: Mark Dowd
Topics covered
- AI hacking
- exploit chains
- vulnerability discovery
- offensive research
- cybersecurity economics
- device security
Keywords
- AI
- exploit market
- vulnerability
- offensive research
- cybersecurity
- Lockdown Mode
- baseband attacks
- customer vetting
Sponsors
TLPBLACK
Mentioned in this episode
Organizations: Vigilant Labs, Apple, HarmonyOS, GrapheneOS, Samsung Knox
Books & works: The Art of Software Security Assessment
More episodes of Three Buddy Problem
- Mythos, Fable, and Anthropic's Big Trust Problem · June 12, 2026 · 1h 59m
- Fast16, Fanny, and Stuxnet: Cyber Paleontology Redux · June 5, 2026 · 2h 24m
- Microsoft Threatens Vuln Researchers; Shadow Brokers Revisited · May 30, 2026 · 1h 60m
- Aaron Portnoy on Pwn2Own, the End of Easy Bugs, and AI-Fueled Offense · May 27, 2026 · 40 min
- Perri Adams on Proof Engines, LLMs, and the New Era of Verifiable Code · May 26, 2026 · 40 min
- Find 50,000 Bugs, Fix Zero: Gabriel Bernadett-Shapiro on the AI Vuln Trap · May 26, 2026 · 50 min
Explore listener stats, chart rankings, contacts and more on the Three Buddy Problem podcast page.