"AI Disruption" Publication 6600 Subscriptions 20% Discount Offer Link.

Just recently, OpenAI's president retweeted the experimental results of independent researcher Sean Heelan: using the o3 model, he discovered a remote zero-day vulnerability in the Linux kernel's SMB implementation.

What's even more surprising is that the entire process didn't rely on any complex tools—no scaffolding, no agent frameworks, no tool invocation, just the o3 API itself.

The vulnerability, designated as CVE-2025-37899, is a use-after-free vulnerability in the SMB "logoff" command handler.

According to the researcher, this is the first publicly discussed vulnerability of its kind discovered by a large language model.

Some netizens, after reviewing the discovery process, remarked that they expected a highly complex experimental setup, but it turned out to be just stitching together a bunch of code and having o3 analyze it 100 times.

Hopefully, other white-hat hackers have already started inspecting other critical operating systems in this way.

OpenAI's Chief Research Officer, Mark Chen, stated: Reasoning models like o3 are beginning to assist in deep technical work and meaningful scientific discoveries. Over the next year, results like this will become increasingly common.