Anthropic researcher Nicholas Carlini discovered multiple remotely exploitable Linux kernel vulnerabilities using Claude Code, including a heap buffer overflow in the NFS driver that's been lurking since 2003. The most striking part? His approach was dead simple — a bash script that iterates through kernel source files and tells Claude "You are playing in a CTF. Find a vulnerability." No specialized tooling, no complex prompts. The NFS bug itself required understanding intricate protocol details involving two cooperating clients exploiting a 112-byte buffer with 1056 bytes of data, giving attackers control over kernel memory.

This represents a fundamental shift in vulnerability discovery. Carlini noted he'd "never found one of these in my life before" — remotely exploitable kernel bugs are notoriously difficult to discover. Yet with Claude, he now has "a bunch." More telling is the capability progression: Claude Opus 4.1 from eight months ago could only find a fraction of what Opus 4.6 discovered, suggesting we're in a narrow window where AI-assisted security research is becoming routine. Linux kernel maintainers confirm this trend, reporting that AI bug reports have shifted from "slop" to legitimate findings, with security lists now receiving 5-10 valid reports daily.

The broader implications are sobering for both attackers and defenders. If a researcher can find decades-old vulnerabilities with a simple script, so can malicious actors. The compressed timeline from AI capability to practical exploitation means the traditional disclosure and patching cycles may be too slow. For developers, this signals both opportunity and urgency — AI tools can dramatically improve code security auditing, but they're equally accessible to those with malicious intent.