Anthropic researcher Nicholas Carlini used Claude Code to find a remotely exploitable heap buffer overflow in the Linux kernel's NFS driver, undiscovered for 23 years. Five kernel vulnerabilities have

InfoQ is a leading online platform for software developers, architects, and technical leaders, providing news, articles, presentations, and interviews on a wide range of topics, including agile practices, DevOps, microservices, and emerging technologies. With a focus on quality content and expert insights, InfoQ helps professionals stay informed about the latest trends, best practices, and industry developments. Developers can learn from real-world experiences, gain  knowledge, and connect with peers in the global software community through InfoQ's diverse and engaging content.

InfoQ

Anthropic researcher Nicholas Carlini used Claude Code with a simple bash script to discover multiple remotely exploitable Linux kernel vulnerabilities, including a 23-year-old heap buffer overflow in the NFS driver. The script iterated over every kernel source file and prompted Claude Code to find vulnerabilities with no custom tooling. Five kernel vulnerabilities across NFS, io_uring, futex, and ksmbd have been confirmed and patched. The discovery highlights a rapid capability jump in AI-assisted vulnerability research — Claude Opus 4.6 found significantly more bugs than models released just months earlier. Linux kernel maintainers confirm a shift from AI-generated noise to legitimate security reports, with the kernel security list jumping from 2-3 reports per week to 5-10 per day. Security researchers note LLM-based discovery is a new category that combines aspects of fuzzing and static analysis, while raising dual-use concerns about adversaries running the same process at scale.

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years