2025-05-26
Interesting. Last year I ran an experiment comparing the latest models at the time (Sonnet 3.5, GPT-4o and Gemini 1.5). The task was to simulate a fuzzer by analysing C code and then generating inputs that hit both sides of each branch. Gemini 1.5 was the best back then as well.
Sean Heelan's Blog
A security researcher details how he discovered a zero-day vulnerability in the Linux kernel's SMB implementation by analyzing the code using OpenAI's o3 API
Now finding a Linux kernel-level zero day is as simple as knowing how to prompt. sean.heelan.io/2025/05/22/h... @davidcrespo : key detail in this very good post about finding a nov...
For the larger context size, when I was sending all of smb2pdu.c, the usage was approx 100k input tokens, 4k output tokens (3k reasoning, 1k completion), which at current o3 pricing is $1.16. So the full 100 runs were costing $116.
I wrote up how I used o3 to find CVE-2025-37899, a remote zero-day vulnerability in the Linux kernel's SMB implementation. Link to the blog post below 👇
Sean Heelan's Blog