OpenAI’s o3 Model Helps Researcher Uncover Zero-Day Vulnerability in Linux Kernel’s SMB Stack
A Linux zero-day vulnerability deep within the kernel's SMB implementation (ksmbd) has been discovered with the help of OpenAI's o3 AI model. This is no mere bug; it is an extremely well-disguised flaw that needs the subtle interplay of multiple users or connections to set it off. Think of it as a digital lock that requires following a specific multi-step procedure, but instead of opening a treasure chest, it opens an avenue for potential exploitation. Now officially tracked as CVE-2025-37899, the vulnerability was a true needle in a haystack, slipping past conventional methods of detection. But fret not, Linux users: a patch is already available, slamming the door on the newly discovered threat.
OpenAI’s o3 Finds Zero-Day Vulnerability
The untapped potential of AI for discovering zero-day vulnerabilities is one of the open questions in the world of security. Despite the ever-increasing prowess of AI, the work of unearthing these hidden flaws is still done by means of traditional code audits, which are often tedious and tiresome walks through endless lines of code. Could AI then be the solution? A blog post by researcher Sean Heelan details how OpenAI's o3 model detected a zero-day bug without any coaxing, suggesting a future where AI may just be the ultimate bug bounty hunter.
This bug was not even the main hunt; Heelan was actually studying a Kerberos authentication vulnerability (CVE-2025-37778), another nasty use-after-free flaw. Picture a digital janitor tossing out data that other programs were still clinging to. The result: system crashes and security holes so gaping that one can fall through. Even more impressive, the AI managed to detect this in 8% of the trials.
Heelan, encouraged by o3's aptitude for catching known bugs buried deep within mountains of code, threw the AI a curveball: instead of feeding it only the function, he uploaded the entire session setup command handler, a sprawling 12,000 lines of code. Imagine giving an AI a novel and demanding that it find a single egregious typo, one so serious it could cause a system-wide blue screen. That was the challenge Heelan set.
The model had the hard task of hunting for a buried bug across 100 full-file runs. The result: it turned up in a single one of them. Performance had dropped, but Heelan still praised o3 for hanging in there long enough to find the bug, which was quite an achievement. The breakthrough, though, came in other runs, where o3 managed to find a new bug, one literally unknown to anyone, including the researcher himself. It was no longer just finding known bugs; it was searching beyond the borders of known bug detection.
Imagine a shadowy figure haunting the last moments of your online session. That is exactly how this new security flaw behaves; it lurks within the SMB logoff command handler. The zero-day arises while a session is logging off and the user ends the session: an attempt is made to access a file that has already been consigned to oblivion, and the system crashes.
The discovery by o3 goes beyond just fixing bugs; it protects the system. Its report reveals an exploit that could grant an attacker root access or take the entire system down. Heelan praised o3's sharp observation in dissecting a complex real-world threat and explaining in plain English just how grave the dangers are. That is not just good work; it is a security win of the utmost importance.
Dr. Heelan, while admitting that there is no such thing as a perfect o3 and that at times its keenness mistakes whispers for shouts, said, “For unlike the strict dichotomy of conventional security scanners, o3 hunts for bugs using almost human intuition, that is, it goes sniffing around for vulnerabilities in an entirely flexible and adaptive manner.”