When o3 found a Zero-Day

Security research has reached a pivotal moment. Sean Heelan's recent discovery of CVE-2025-37899, a remote zero-day vulnerability in the Linux kernel's SMB implementation, using OpenAI's o3 model exemplifies this shift. This isn't merely about a new vulnerability; it's about a transformative approach to identifying such flaws.

Why This Discovery Is Important

Heelan employed OpenAI's o3 model to analyze the ksmbd component of the Linux kernel, which handles SMB3 protocol operations. Without any specialized tools or frameworks—just direct interaction with the o3 API, he uncovered a use-after-free vulnerability in the 'logoff' command handler. This bug arises when concurrent connections to the server share objects in specific circumstances, leading to potential memory corruption and arbitrary code execution.

The significance lies not only in the vulnerability itself but in the method of discovery. o3's ability to reason about complex, concurrent code paths without human intervention marks a substantial advancement in AI-assisted security research.

Implications for Security Research and Red Teaming

This development suggests a future where AI models like o3 become integral to security workflows:

• Automated Code Auditing: AI can assist in reviewing large codebases, identifying potential vulnerabilities that might be overlooked by human analysts.
  
• Enhanced Red Team Operations: Red teams can leverage AI to simulate sophisticated attack vectors, improving the robustness of security assessments.
  
• Accelerated Vulnerability Discovery: AI models can expedite the identification of complex bugs, reducing the time between vulnerability emergence and mitigation.
  

Kodem and the Value of Runtime Analysis

While o3 showcases the power of AI in static code analysis, Kodem complements this by focusing on runtime security. Kodem's platform integrates code and runtime analysis, providing real-time insights into application behavior. By observing applications during execution, Kodem identifies vulnerabilities that manifest only under specific runtime conditions. (kodemsecurity.com)

This approach ensures that security teams can detect and remediate issues that traditional static analysis might miss, enhancing overall application security posture.(OX Security)

The Future of Application Security

The convergence of AI-driven code analysis and runtime monitoring heralds a new era in cybersecurity:

• Proactive Defense: Combining tools like o3 and Kodem enables organizations to anticipate and address vulnerabilities before they can be exploited.
  
• Comprehensive Coverage: Integrating static and dynamic analysis ensures a holistic view of application security, covering both code and operational behavior.
  
• Efficient Resource Allocation: By automating parts of the security assessment process, teams can focus their efforts on addressing the most critical issues.
  

In conclusion, the integration of AI models like o3 and platforms like Kodem represents a significant advancement in security research. By embracing these tools, security professionals can enhance their capabilities, proactively defend against emerging threats, and usher in a new standard for application security.

References

• Heelan, S. (2025). How I used o3 to find CVE-2025-37899, a remote zero-day vulnerability in the Linux kernel’s SMB implementation.
  
• Kodem. (2025). Runtime Intelligence for Application Security.
  
• Kodem. (2025). Toward a Unified Application Data Model for Agentic AppSec.‍
• Kodem. (2025). Kodem’s Approach to ADR: Rethinking Application Detection & Response. (kodemsecurity.com)