GPT-5.5 identifies systemic privilege escalation vulnerability in SDK
GPT-5.5 identified a systemic privilege escalation vulnerability in an undisclosed SDK after locating five distinct issues that shared the same underlying design flaw. A generated report passed preliminary review in under 10 minutes without appearing as a duplicate. In separate testing, the model worked autonomously for 45 minutes to gather stronger evidence on a software bug and returned findings that were nearly persuasive. Technical details stay under embargo pending disclosure approval.
using GPT for defensive security
GPT 5.5 found a truly novel bug, leading to one of my most insane reports ever. Passed prelim review in less than 10 minutes, doesn't appear to be a duplicate. Can't wait until I'm allowed to disclose it!
It's amazing how you can just tell GPT-5.5 to go get stronger evidence for the security implications of a bug and it will diligently work for 45 minutes and come back with something that is almost, but not *entirely* unconvincing
Like my guy, why would I care that you wrote a program that simulates what the real heap might look like. You have the actual program and its heap along with a debugger right there