this post was submitted on 31 May 2025
13 points (81.0% liked)

[–] onlinepersona@programming.dev 3 points 3 weeks ago

Initially embarking on a manual audit of ksmbd to benchmark o3’s potential, Heelan quickly realized that the model was able to autonomously identify a complex use-after-free vulnerability in the handler for the SMB ‘logoff’ command—an issue Heelan himself had not previously detected.

[–] nebulaone@lemmy.world 1 points 3 weeks ago (1 children)

Uh oh, that means AI will be used to find countless zero-days for hacking purposes.

[–] wizardbeard@lemmy.dbzer0.com 3 points 3 weeks ago

If by countless you mean 8 valid ids of this same singular issue in 100 runs, with an almost 30% false positive rate, then sure.

I'm far more worried about the false positive rate drowning out things.