OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
Description
Three Buddy Problem - Episode 70: Dave Aitel from OpenAI's technical staff joins the buddies to discuss the just-launched Aardvark, OpenAI’s agentic “security researcher” that claims to read code, finds bugs, validates exploits, and ships patches. We press him on where LLMs beat fuzzers, privacy boundaries, human-in-the-loop realities, SDLC budgets, pen-test cadence, and the zero-day economy.
Plus, L3 Harris/Trenchant exec pleads guilty to selling exploits to Russian brokers, Kaspersky catches the return of HackingTeam using Chrome zero-day exploit chain, and news of a proposed law in Russia to force researchers to report vulnerabilities first to goverment agencies.
Cast: Dave Aitel (Technical Staff, OpenAI), Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Links:
- Transcript (unedited, AI-generated)
- Episode 70 Livestream - YouTube
- Aardvark: OpenAI’s agentic security researcher
- TBP episode on OpenAI’s Aardvark
- How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
- Ex-US cyber intel exec pleads guilty to selling spy tools to Russian broker
- Ex-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian Firm
- Kim Zetter: Former Trenchant Exec Sold Stolen Code to Russian Buyer Even After Learning that Other Code He Sold Was Being "Utilized" by Different Broker in South Korea
- How we linked ForumTroll APT to Dante spyware by Memento Labs
- CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware
- Russia's new vuln disclosure law proposal
- TBP Live in Ottawa
- Binding Hook Live
- State of Statecraft
- Ekoparty Miami
United States
