Hacker News Pushes Claude Code's Linux Bug Hunt Into View
Original: Claude Code Found a Linux Vulnerability Hidden for 23 Years
A Hacker News post on April 3, 2026 pushed a security story into the mainstream developer feed: "Claude Code Found a Linux Vulnerability Hidden for 23 Years" reached 219 points and 135 comments. The linked write-up by Michael Lynch summarizes a talk from Nicholas Carlini at [un]prompted 2026, where he described using Claude Code to uncover multiple remotely exploitable Linux kernel vulnerabilities. One of the bugs, according to the write-up, had been sitting in the kernel since 2003.
The most striking example is in the Linux NFS driver. The server response path used a 112-byte buffer, but the denial message could include an owner ID large enough to expand the response to 1056 bytes. That mismatch meant the kernel could write 1056 bytes into a 112-byte buffer, creating a heap overflow that could let an attacker overwrite kernel memory with attacker-controlled data. What makes this notable is not just that the bug existed, but that the model had to reason through a multi-step protocol interaction involving two cooperating NFS clients and a server state machine rather than matching a trivial insecure pattern.
The write-up traces the vulnerable logic to a 2003 change that introduced a static replay buffer sized at 112 bytes for NFSv4 state handling. Carlini also says the bigger bottleneck is no longer idea generation but human validation. Claude Code can surface crashes and candidate vulnerabilities faster than one researcher can manually confirm and responsibly report them. Lynch notes that Carlini had already fixed or reported multiple Linux issues, while many more candidate findings remained unfiled because they still needed review.
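The size mismatch described above, a fixed 112-byte replay buffer receiving a reply that can reach 1056 bytes, is shown below next to a length-checked save. This is an added illustration, not kernel code and not from the write-up: the struct, the function names, and the split of the 1056 bytes into 32 bytes of fixed fields plus an owner ID of up to 1024 bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REPLAY_BUF_SIZE 112  /* fixed buffer size given in the article */
#define OWNER_MAX       1024 /* assumption: largest owner ID accepted */
#define DENIED_FIXED    32   /* assumption: bytes of fixed fields before the owner */

struct replay {              /* hypothetical stand-in for the cached-reply state */
    uint8_t buf[REPLAY_BUF_SIZE];
    size_t  len;             /* bytes of buf in use; 0 means nothing cached */
    uint8_t canary[8];       /* stands in for whatever follows buf in memory */
};

/* Encoded size of a denial reply that carries owner_len bytes of owner ID. */
size_t denied_reply_len(size_t owner_len)
{
    return DENIED_FIXED + owner_len;
}

/* An unchecked memcpy(rp->buf, reply, reply_len) writes past buf whenever
 * reply_len > REPLAY_BUF_SIZE. This version refuses to cache such a reply. */
int replay_save(struct replay *rp, const uint8_t *reply, size_t reply_len)
{
    if (reply_len > sizeof(rp->buf)) {
        rp->len = 0;         /* cache nothing rather than truncate or overflow */
        return -1;
    }
    memcpy(rp->buf, reply, reply_len);
    rp->len = reply_len;
    return 0;
}

/* Constructed input: returns 1 when the 1056-byte reply is rejected, a
 * 48-byte reply is cached, and the canary is never touched. */
int demo(void)
{
    static uint8_t reply[DENIED_FIXED + OWNER_MAX];
    struct replay rp;
    memset(&rp, 0, sizeof(rp));
    memset(rp.canary, 0xA5, sizeof(rp.canary));
    memset(reply, 0x41, sizeof(reply));
    int big = replay_save(&rp, reply, denied_reply_len(OWNER_MAX));
    int small = replay_save(&rp, reply, denied_reply_len(16));
    for (size_t i = 0; i < sizeof(rp.canary); i++)
        if (rp.canary[i] != 0xA5) return 0;
    return big == -1 && small == 0 && rp.len == 48;
}

int main(void) { return demo() ? 0 : 1; }
```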
That changes the practical conversation around AI-assisted security. Models like Claude Opus 4.6 do not yet look like turnkey autonomous exploit kits, and the Anthropic-linked work suggests exploitation is still harder than discovery. But defenders no longer need to wait for fully autonomous hacking to feel the pressure. Even today's coding agents can materially increase the rate at which deep, non-obvious bugs are surfaced inside large codebases. For open-source maintainers, that is both an opportunity and a scaling problem: better bug discovery is only useful if triage, reproduction, and patching pipelines can keep up.