Security research has reached a pivotal moment. Sean Heelan's recent discovery of CVE-2025-37899, a remote zero-day vulnerability in the Linux kernel's SMB implementation, using OpenAI's o3 model exemplifies this shift. This isn't merely about a new vulnerability; it's about a transformative approach to identifying such flaws.
Why This Discovery Is Important
Heelan employed OpenAI's o3 model to analyze the ksmbd component of the Linux kernel, which handles SMB3 protocol operations. Without any specialized tools or frameworks—just direct interaction with the o3 API, he uncovered a use-after-free vulnerability in the 'logoff' command handler. This bug arises when concurrent connections to the server share objects in specific circumstances, leading to potential memory corruption and arbitrary code execution.
The significance lies not only in the vulnerability itself but in the method of discovery. o3's ability to reason about complex, concurrent code paths without human intervention marks a substantial advancement in AI-assisted security research.
Implications for Security Research and Red Teaming
This development suggests a future where AI models like o3 become integral to security workflows:
- Automated Code Auditing: AI can assist in reviewing large codebases, identifying potential vulnerabilities that might be overlooked by human analysts.
- Enhanced Red Team Operations: Red teams can leverage AI to simulate sophisticated attack vectors, improving the robustness of security assessments.
- Accelerated Vulnerability Discovery: AI models can expedite the identification of complex bugs, reducing the time between vulnerability emergence and mitigation.
Kodem and the Value of Runtime Analysis
While o3 showcases the power of AI in static code analysis, Kodem complements this by focusing on runtime security. Kodem's platform integrates code and runtime analysis, providing real-time insights into application behavior. By observing applications during execution, Kodem identifies vulnerabilities that manifest only under specific runtime conditions. (kodemsecurity.com)
This approach ensures that security teams can detect and remediate issues that traditional static analysis might miss, enhancing overall application security posture.(OX Security)
The Future of Application Security
The convergence of AI-driven code analysis and runtime monitoring heralds a new era in cybersecurity:
- Proactive Defense: Combining tools like o3 and Kodem enables organizations to anticipate and address vulnerabilities before they can be exploited.
- Comprehensive Coverage: Integrating static and dynamic analysis ensures a holistic view of application security, covering both code and operational behavior.
- Efficient Resource Allocation: By automating parts of the security assessment process, teams can focus their efforts on addressing the most critical issues.
In conclusion, the integration of AI models like o3 and platforms like Kodem represents a significant advancement in security research. By embracing these tools, security professionals can enhance their capabilities, proactively defend against emerging threats, and usher in a new standard for application security.
References
- Heelan, S. (2025). How I used o3 to find CVE-2025-37899, a remote zero-day vulnerability in the Linux kernel’s SMB implementation.
- Kodem. (2025). Runtime Intelligence for Application Security.
- Kodem. (2025). Toward a Unified Application Data Model for Agentic AppSec.
- Kodem. (2025). Kodem’s Approach to ADR: Rethinking Application Detection & Response. (kodemsecurity.com)
More blogs
Malicious Packages Alert: The Qix npm Supply-Chain Attack: Lessons for the Ecosystem
The npm ecosystem is in the middle of a major supply-chain compromise. The maintainer known as Qix is currently targeted in a phishing campaign that allows attackers to bypass two-factor authentication and take over their npm account. This is happening right now, and malicious versions of widely used libraries are being published and distributed.
Security Issues in popular AI Runtimes - Node.js, Deno, and Bun
Node.js, Deno, and Bun are the primary runtimes for executing JavaScript and TypeScript in modern applications. They form the backbone of AI backends, serverless deployments, and orchestration layers. Each runtime introduces distinct application security issues. For product security teams, understanding these runtime weaknesses is essential because attacks often bypass framework-level defenses and exploit the runtime directly.
Application Security Issues in AI Edge and Serverless Runtimes: AWS Lambda, Vercel Edge Functions, and Cloudflare Workers
AI workloads are increasingly deployed on serverless runtimes like AWS Lambda, Vercel Edge Functions, and Cloudflare Workers. These platforms reduce operational overhead but introduce new application-layer risks. Product security teams must recognize that serverless runtimes are not inherently safer—they simply shift the attack surface.
A Primer on Runtime Intelligence
See how Kodem's cutting-edge sensor technology revolutionizes application monitoring at the kernel level.
Platform Overview Video
Watch our short platform overview video to see how Kodem discovers real security risks in your code at runtime.
The State of the Application Security Workflow
This report aims to equip readers with actionable insights that can help future-proof their security programs. Kodem, the publisher of this report, purpose built a platform that bridges these gaps by unifying shift-left strategies with runtime monitoring and protection.
.png)
Get real-time insights across the full stack…code, containers, OS, and memory
Watch how Kodem’s runtime security platform detects and blocks attacks before they cause damage. No guesswork. Just precise, automated protection.
Stay up-to-date on Audit Nexus
A curated resource for the many updates to cybersecurity and AI risk regulations, frameworks, and standards.