Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years (opens in new tab)

Anthropic researcher Nicholas Carlini used Claude Code to find a remotely exploitable heap buffer overflow in the Linux kernel's NFS driver, undiscovered for 23 years. Five kernel vulnerabilities have been confirmed so far. Linux kernel maintainers report that AI bug reports have recently shifted from slop to legitimate findings, with security lists now receiving 5-10 valid reports daily. By Steef-Jan Wiggers