source: Linkedin

Security researcher Sean Heelan discovered a critical zero-day vulnerability, CVE-2025-37899, in the Linux kernel's in-kernel SMB server (ksmbd), using OpenAI's o3 model.

This is a use-after-free in the handling of the SMB2 LOGOFF command: the handler frees an object belonging to the session while another kernel thread, servicing a request on the same session, can still be using it. A remote attacker who hits that window could corrupt kernel memory and potentially execute code with kernel privileges, a serious threat on any system that exposes ksmbd.
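To make the bug class concrete, here is an added illustration written for this article (it is not ksmbd's source, and the names session, user, user_get and user_put are placeholders): a per-session user object shared by worker threads on different connections, a LOGOFF handler that frees it unconditionally, and the reference-counted alternative that lets the last holder free it. The racy interleaving is replayed as a fixed sequence of steps so the outcome is deterministic; in a real kernel the count would be an atomic refcount_t taken under the session lock, and the actual ksmbd data structures and fix differ from this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Simplified illustration of the bug class, not ksmbd's code.
 * A session owns a "user" object that several worker threads may touch
 * while servicing requests on different connections bound to that session.
 */
struct user {
    char name[32];
    int refcount;   /* the kernel would use an atomic refcount_t; single-threaded here */
};

struct session {
    struct user *user;
};

/* Bookkeeping so the simulation can observe a free without touching freed memory. */
static int freed_users;

static struct user *user_alloc(const char *name)
{
    struct user *u = calloc(1, sizeof *u);
    if (!u)
        abort();
    strncpy(u->name, name, sizeof u->name - 1);
    u->refcount = 1;    /* the session's own reference */
    return u;
}

static void user_free(struct user *u)
{
    freed_users++;
    free(u);
}

/* A worker that is about to use sess->user takes a reference first. */
static struct user *user_get(struct user *u)
{
    if (u)
        u->refcount++;
    return u;
}

/* Release a reference; the object is freed only when the last holder lets go. */
static void user_put(struct user *u)
{
    if (u && --u->refcount == 0)
        user_free(u);
}

/* Vulnerable pattern: LOGOFF frees the user outright, ignoring other holders. */
static void logoff_vulnerable(struct session *sess)
{
    user_free(sess->user);
    sess->user = NULL;
}

/* Hardened pattern: LOGOFF detaches the user from the session and drops only
 * the session's reference. A worker still holding one keeps the object alive
 * until it calls user_put(). */
static void logoff_refcounted(struct session *sess)
{
    struct user *u = sess->user;
    sess->user = NULL;
    user_put(u);
}

/*
 * Replay the racy interleaving deterministically:
 *   step 1: worker A (connection 1) looks up the session's user for a request;
 *   step 2: worker B (connection 2) handles LOGOFF for the same session;
 *   step 3: worker A finishes its request with the pointer from step 1.
 * Returns 1 if A's pointer is dangling at step 3 (a use-after-free waiting to
 * happen), 0 if the object is still valid.
 */
static int simulate(void (*logoff)(struct session *))
{
    freed_users = 0;
    struct session sess = { .user = user_alloc("alice") };

    struct user *held = user_get(sess.user);   /* step 1 */
    logoff(&sess);                             /* step 2 */

    int dangling = (freed_users == 1);         /* step 3 */
    if (!dangling) {
        printf("worker A still sees user '%s'\n", held->name);  /* safe: still alive */
        user_put(held);                        /* last reference: freed now */
    }
    return dangling;
}

int main(void)
{
    printf("unconditional free in logoff: dangling=%d\n", simulate(logoff_vulnerable));
    printf("refcounted logoff:            dangling=%d\n", simulate(logoff_refcounted));
    return 0;
}
```

The point of the comparison is ownership: the session is not the only holder of the object, so the LOGOFF path must not be the one deciding when it dies. Any review of a teardown handler in a multi-connection server should ask who else can hold the pointer at that instant.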

The vulnerability has now been patched, but the way it was discovered is a sign of where cybersecurity is headed.

What Sean Heelan Is Saying

Sean Heelan used the o3 model on its own, with no additional tooling: no scanners, no fuzzers, no IDE extensions.

He fed o3 the relevant parts of the ksmbd code base and asked it to audit the logic.
The model reasoned about concurrency, thread interactions and object sharing, and flagged a risky pattern that Sean then confirmed as a real vulnerability.

This wasn’t about AI writing code - this was about AI thinking through it.

What That Means (In Human Words)

OpenAI’s o3 model wasn’t used to chat, write, or generate text.
It was used to analyze real production code - and it found a security flaw that no one had noticed yet.

This is what AI-assisted security looks like now:
not replacing researchers, but amplifying how they work, spotting risky patterns faster, and helping protect critical infrastructure.

Who is Sean Heelan?

Sean Heelan is a leading voice in the space where security research meets AI reasoning.
He holds a DPhil from the University of Oxford on automated exploit generation for memory-corruption bugs, and has spent years developing tools and methods to uncover bugs in complex systems.

He’s not just good at using AI - he’s good at getting AI to think with him.

This vulnerability wasn’t a lucky hit.
It was the result of smart prompting, expert knowledge, and an understanding of how to collaborate with AI to go deeper.

Bottom Line

  • Vulnerability:
    CVE-2025-37899

  • What’s Affected:
    Linux kernel’s ksmbd module (in-kernel SMB server)

  • Vulnerability Type:
    Use-after-free during SMB2 LOGOFF handling

  • Discovered By:
    Sean Heelan, using OpenAI’s o3 model

  • Is There a Fix?
    ✅ Yes - patches have been released

  • Any Reports of Real-World Impact?
    🚫 No - there are currently no confirmed reports of exploitation in the wild

  • References:
    Original blog post
    NVD listing: https://nvd.nist.gov/vuln/detail/CVE-2025-37899

Frozen Light Team Perspective

This is how cybersecurity is handled today.
And it’s also how attacks are happening.
Yes - AI is sitting on both sides.

The only thing that separates them?
👉 The people who direct them.
👉 And what they are sent to do.

That’s why today, we’re choosing to shine a light on someone like Sean Heelan - someone who sits clearly on the good side.

We’ve decided to show off the big minds out there who are using AI for the right reasons.
Because yes - we pick a side.
And no - we’re not afraid to say it 😉 wink wink.

The truth is, the more our world, our day-to-day, and our work gets filled with lines of code,
the bigger the danger,
the bigger the threat,
and the bigger the impact it can have on all of us.

And frankly?
It’s good to know people like Sean are sitting in our corner.

So we’re sending a Frozen thank you to you, Sean -
for making the world a safer place,
one vulnerability at a time.
