The "swiss army knife" of AI: o3 & o4-mini

Howdy my friend!

In today’s piece:

• How we can use OpenAI's new o3, o4-mini & o4-mini-high models as Cloud Security people

• OpenAI’s new “Deep Research Lite”

• Can you crack it? A secret challenge 🕵️ 

• Other handpicked things I think you’ll like

Last week, I whinged about the huntsman spider in my apartment. The plan was to ignore him until he disappeared. But then I found out they live for two years.

Well, I’ve got an update for anyone that cares.

I got rid of the little bugger last weekend. Didn’t even need to use the two spider catchers I bought from Amazon.

I just listened to my girlfriend (usually the right move). She suggested opening the flyscreen door so he’d let himself out. Worked like a charm.

But victory was short-lived.

I noticed something moving behind my bathroom exhaust fan...

Turns out I’ve got a POSSUM living in my bathroom fan!

That’ll be fun to deal with.

Reminds me of AI for us cloud sec folks right now. Just when you get comfortable with a tool, something new appears.

Though unlike possums in your bathroom, the new thing is usually cool.

In the last few weeks, we got new cool things from OpenAI:

• Their o3 model

• Their o4-mini and o4-mini-high models

• A faster “Deep Research Lite” capability

Let’s discuss how you can use them to be more productive.

Key Developments

o3, o4-mini and o4-mini-high

Nelson’s summary: OpenAI launched two new reasoning engines—o3 (its most capable model) and o4-mini (a leaner, lower-cost option). They can autonomously chain every ChatGPT/API tool for quick, multimodal answers while topping industry benchmarks.

The details:

• Agentic tool use: o-series models now self-orchestrate all built-in and custom tools to deliver sophisticated answers.

• Top-tier reasoning: o3 leads Codeforces, SWE-Bench, and MMMU; o4-mini scores 99.5% pass@1 on AIME 2025 with Python.

• Cost-performance trade-off options: o4-mini offers higher rate limits and lower pricing than o3 for scaled workloads.

• Speed-performance trade-off options: o4-mini-high is not a separate model but o4-mini running with increased inference effort for higher quality at the expense of speed.

Why it matters for us CloudSec folks:

The new o3 and o4-mini* models are now my go-to for quick technical answers, replacing Gemini 2.5 Pro and sometimes Deep Research.

I view these models as the “swiss army knives” of AI. They’re great at using tools in complex, multi-step ways, including web browsing, image manipulation, or running code to answer questions.

I’ve now started using o3 instead of Gemini or OpenAI’s Deep Research capability, since it provides quicker, less verbose answers (while keeping quality high).

My first preference will be o3. However, if I want a quicker answer that’s nearly as good, I’ll use o4-mini or o4-mini-high.

These models excel at visual reasoning, even “thinking in images.” They can zoom in, crop, and rotate images to extract key details, then perform multi-step web searches on those details.

A cool use case is analyzing architecture diagrams to identify security recommendations.

I tried this earlier today:

Check out the results. TL;DR: impressive stuff.

OpenAI’s new “Deep Research Lite”

Nelson’s summary: OpenAI released a lightweight version of their Deep Research autonomous research agent, powered by o4-mini. This offers more queries per month and opens access to free users.

Key details:

• o4-mini under the hood: The lightweight version runs on the smaller o4-mini model, which is “nearly as intelligent” as the original but cheaper to operate.

• Monthly limits: Free = 5 queries; Plus, Team, Enterprise & Edu = 25; Pro = 250.

• Auto-fallback: After reaching the full o3-powered Deep Research cap, ChatGPT automatically switches to the lightweight version to avoid work interruptions.

• Shorter but thorough reports: Answers are concise yet still provide sources and reasoning depth.

Why it matters for us CloudSec folks:

The increased speed and usage limits make OpenAI’s Deep Research offering more competitive with Google’s Gemini Deep Research. Until this upgrade, the speed and stingy usage limits were the main weaknesses.

This upgrade reduces the cost of running threat-intel sweeps, vendor-risk assessments, or other technical research tasks without quickly exhausting our monthly quota.

Secret Challenge

Can You Crack It? Secret Challenge 🕵🏼

Pssssttt….

I've got a challenge for you. Use o3 or o4-mini to identify and decode the secret message in this image:

Reply to this email with the decoded secret message to win 100 magic internet points and a shoutout in my next email (if you want) using a name or nickname of your choice.

Challenge rules: Use ****o3/o4-mini/o4-mini-high or other AI models with this image as the input. No image editor, manual cropping, or other tools.

It's an honor system here. I trust ya.

Other Handpicked Things

“Jumping the line” vulnerability in MCP servers: good write-up on a sneaky attack vector in Model Context Protocol (MCP) servers that can harm the user before they’ve invoked any tool.

Wiz write-up on MCP security: a well-written overview of the current MCP security landscape, emphasizing supply chain risk as a key challenge; an interesting example of an “official” Azure MCP server discussed.

MCP server for Wiz: the leading CNAPP now has a MCP server, making it easy to ask questions about your cloud posture in natural language or extend AI applications with CNAPP capabilities.

Dario Amodei’s “The Urgency of Interpretability”: fascinating read that made me more hopeful about understanding modern AI models. As excited as I am about AI, I’m also deeply concerned about the (real) possibility things go south. Anything by Dario is a must-read.

How to Find and Live by Your Values by Mark Manson: a new long-form podcast covering each topic deeply. I’ve been a fan of Mark Manson for years (before he became cool). Worth a watch/listen.

Before you go, I’d love to know what you thought of today’s newsletter. That way I can improve the experience for you and minimise suckiness.

Take care.

Nelson, fellow AI enthusiast and cloud security dude.