When o3 found a Zero-Day

The Beginning of AI-Native Security Research

Written by Mahesh Babu. Published May 28, 2025.

Security research has reached a pivotal moment. Sean Heelan's recent discovery of CVE-2025-37899, a remotely reachable zero-day in ksmbd, the Linux kernel's in-kernel SMB server, using OpenAI's o3 model exemplifies this shift. The news is not only the vulnerability itself; it is how the vulnerability was found.

Why This Discovery Is Important

Heelan used OpenAI's o3 model to audit ksmbd, the kernel component that implements the SMB3 server. With no scaffolding, agent framework or tool use, just source code and a prompt sent directly to the o3 API, the model flagged a use-after-free in the handler for the SMB 'logoff' command. SMB3 allows several connections to bind to one session, so the logoff handler running on one connection can free the session's user object while a worker thread serving another connection bound to the same session is still dereferencing it. The result is kernel memory corruption, with potential for escalation to code execution.
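The following is an added illustration of that bug class, not ksmbd code and not Heelan's or Kodem's: a constructed model in which a session owns a user object shared by every connection bound to it. The vulnerable logoff frees the object while another connection's handler still holds a raw pointer; the hardened version takes a reference per handler under the session lock and detaches the object before dropping the session's own reference, so memory is released only when the last holder lets go. Names (`user`, `session`, `replay_*`) and the poisoning trick used to make the dangling access observable are assumptions of the demo, not the kernel's APIs.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the bug class, not ksmbd code. A session owns a user
 * object; every connection bound to that session (SMB3 session binding) may
 * dereference it from its own worker thread. */
struct user {
    atomic_int refcnt;
    int freed;          /* demo only: "freeing" poisons the object instead of releasing
                         * memory, so a dangling access is observable rather than
                         * undefined behaviour (KASAN plays this role in a real kernel) */
    char name[16];
};

struct session {
    atomic_flag lock;   /* stands in for the per-session lock */
    struct user *user;  /* shared by all connections bound to this session */
};

static void user_init(struct user *u, const char *name) {
    memset(u, 0, sizeof *u);
    atomic_init(&u->refcnt, 1);          /* the session's own reference */
    strncpy(u->name, name, sizeof u->name - 1);
}

static void user_free(struct user *u) {
    u->freed = 1;
    memset(u->name, 0, sizeof u->name);  /* scrub, as a real free would let reuse do */
}

static void sess_lock(struct session *s)   { while (atomic_flag_test_and_set(&s->lock)) { } }
static void sess_unlock(struct session *s) { atomic_flag_clear(&s->lock); }

/* --- vulnerable pattern --------------------------------------------------- */

/* Handler on connection B: grabs the raw pointer and uses it later. */
static struct user *vuln_handler_begin(struct session *s) { return s->user; }

/* Logoff on connection A: frees the user with no regard for other users of it. */
static void vuln_logoff(struct session *s) {
    user_free(s->user);     /* s->user is left dangling */
}

/* Deterministic replay of the interleaving: B begins a request, A logs the
 * session off, B finishes. Returns 1 if B's late dereference hit freed memory. */
static int replay_vulnerable(void) {
    struct user storage;
    user_init(&storage, "alice");
    struct session s = { ATOMIC_FLAG_INIT, &storage };
    struct user *held = vuln_handler_begin(&s);   /* B starts */
    vuln_logoff(&s);                               /* A logs off */
    return held->freed;                            /* B finishes: use-after-free */
}

/* --- hardened pattern ----------------------------------------------------- */

static struct user *user_get(struct user *u) { atomic_fetch_add(&u->refcnt, 1); return u; }
static void user_put(struct user *u) {
    if (atomic_fetch_sub(&u->refcnt, 1) == 1)     /* we held the last reference */
        user_free(u);
}

/* B takes its own reference, looked up under the session lock. */
static struct user *safe_handler_begin(struct session *s) {
    struct user *u;
    sess_lock(s);
    u = s->user ? user_get(s->user) : NULL;
    sess_unlock(s);
    return u;
}
static void safe_handler_end(struct user *u) { if (u) user_put(u); }

/* A detaches the user under the lock, then drops only the session's reference. */
static void safe_logoff(struct session *s) {
    struct user *u;
    sess_lock(s);
    u = s->user;
    s->user = NULL;         /* no later handler can pick it up */
    sess_unlock(s);
    if (u) user_put(u);
}

/* Same interleaving. Returns 1 if B worked on a live object throughout and the
 * object was released exactly when the last holder released it. */
static int replay_hardened(void) {
    struct user storage;
    user_init(&storage, "bob");
    struct session s = { ATOMIC_FLAG_INIT, &storage };
    struct user *held = safe_handler_begin(&s);
    safe_logoff(&s);
    int live_during_use = held && !held->freed && strcmp(held->name, "bob") == 0;
    safe_handler_end(held);
    return live_during_use && held->freed;         /* freed only after the last put */
}

int main(void) {
    printf("vulnerable replay touched freed memory: %d\n", replay_vulnerable());
    printf("hardened replay stayed safe:            %d\n", replay_hardened());
    return 0;
}
```

The replay functions fix the thread interleaving by hand so the outcome is deterministic; in a real server the same ordering is reached only when two connections bound to one session race, which is why the bug is easy to miss in testing and why reasoning over the code paths, as o3 did, matters.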

The significance lies not only in the vulnerability itself but in the method of discovery. o3 reasoned about a concurrent code path across session setup and logoff and spotted a lifetime bug that had escaped human review, which is a substantial advance for AI-assisted security research. It is worth keeping the human role in view, though: Heelan chose the code to hand to the model and ran the same prompt many times, and this bug surfaced in a single one of roughly a hundred runs, with false positives in others. The model finds candidates; a researcher still triages and confirms them.

Implications for Security Research and Red Teaming

This development suggests a future where models like o3 become integral to security workflows:

  • Automated Code Auditing: AI can review large codebases and surface candidate vulnerabilities, including concurrency and lifetime bugs that human reviewers tend to overlook.
  • Enhanced Red Team Operations: Red teams can use AI to reason about likely bug classes in a target and to draft candidate attack paths for a human operator to verify, deepening assessments without widening the team.
  • Accelerated Vulnerability Discovery: AI models can shorten the time from a bug being introduced to its being found and fixed, provided the triage of false positives is budgeted for.

Kodem and the Value of Runtime Analysis

While o3 shows what AI reasoning over source code can do, Kodem complements this by focusing on runtime security. Kodem's platform integrates code and runtime analysis, providing real-time insight into application behavior. By observing applications during execution, Kodem identifies vulnerabilities that manifest only under specific runtime conditions.

Neither view is complete on its own: a use-after-free like CVE-2025-37899 is reachable only under a particular interleaving of two connections, which code-level reasoning can find without ever triggering it and which runtime observation catches only when that interleaving actually occurs. Combining the two lets security teams detect and remediate issues that either approach alone would miss, strengthening the overall application security posture.

The Future of Application Security

The convergence of AI-driven code analysis and runtime monitoring heralds a new era in cybersecurity:

  • Proactive Defense: Combining tools like o3 and Kodem enables organizations to anticipate and address vulnerabilities before they can be exploited.
  • Comprehensive Coverage: Integrating static and dynamic analysis ensures a holistic view of application security, covering both code and operational behavior.
  • Efficient Resource Allocation: By automating parts of the security assessment process, teams can focus their efforts on addressing the most critical issues.

In conclusion, the integration of AI models like o3 and platforms like Kodem represents a significant advancement in security research. By embracing these tools, security professionals can enhance their capabilities, proactively defend against emerging threats, and usher in a new standard for application security.

References

  • Heelan, S. (2025). How I used o3 to find CVE-2025-37899, a remote zero-day vulnerability in the Linux kernel’s SMB implementation.
  • Kodem. (2025). Runtime Intelligence for Application Security.
  • Kodem. (2025). Toward a Unified Application Data Model for Agentic AppSec.
  • Kodem. (2025). Kodem’s Approach to ADR: Rethinking Application Detection & Response.

Blog written by Mahesh Babu, Head of Marketing.
