The DropApril 15, 2026via InfoQ AI/ML
Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years
Why it matters
Claude Code is moving beyond code generation into autonomous security auditing. The Linux kernel maintainers' data—5-10 valid AI-generated security reports daily—signals a new class of AI-native developer tools with real infrastructure impact.
Key signals
- Claude Code discovered remotely exploitable heap buffer overflow in Linux NFS driver
- Vulnerability undetected for 23 years
- 5 kernel vulnerabilities confirmed so far
- Linux kernel maintainers report shift from 'slop to legitimate findings'
- 5-10 valid AI security reports daily to security lists
- Researcher: Nicholas Carlini (Anthropic)
- Published: April 15, 2026
The hook
Claude Code just found a Linux kernel bug hidden for 23 years. 5 confirmed vulnerabilities. AI security tooling shifted from noise to signal.
Anthropic researcher Nicholas Carlini used Claude Code to find a remotely exploitable heap buffer overflow in the Linux kernel's NFS driver, undiscovered for 23 years. Five kernel vulnerabilities have been confirmed so far. Linux kernel maintainers report that AI bug reports have recently shifted from slop to legitimate findings, with security lists now receiving 5-10 valid reports daily.
By Steef-Jan Wiggers
Relevance score:78/100