Using o3 to analyse architecture diagrams for security issues

A new "CloudSec expert in your pocket"

Nelson R
May 03, 2025

This micro-post captures an example of using OpenAI's new o3 model to analyze a hand-drawn architecture diagram to make security recommendations.

This takes advantage of the great visual reasoning capabilities in the new o-series models.

This is not a stand-alone post, but rather a useful reference.

Note: this answer was copy-pasted in chunks to this page, so please ignore the weird changes in font size — I’m too lazy to fix this up right now 😅

o3 ended with a great summary, including a nifty lil’ ASCII diagram

I was impressed by this response.

This was a quick and dirty test, but o3 nailed it. It provided a clear, technically accurate checklist of security controls for this solution.

I used an Azure example since that’s the cloud I work with but obviously this technique would work for AWS, GCP, etc too.

Very promising. I'll continue to explore what more can be done with these new o-series models and keep y’all updated!