I used o3 to find a remote zeroday in the Linux SMB implementation
In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API …
Before I get into the technical details, the main takeaway from this post is this: with o3, LLMs have made a leap forward in their ability to reason about code, and if you work in vulnerability research you should start paying close attention. I could walk a colleague through the entire code-path in 10 minutes, and you don’t really need to understand a lot of auxiliary information about the Linux kernel, the SMB protocol, or the remainder of ksmbd, outside of connection handling and session setup code. In fact my entire system prompt is speculative in that I haven’t run a sufficient number of evaluations to determine if it helps or hinders, so consider it equivalent to me saying a prayer, rather than anything resembling science or engineering.