Anthropic research scientist Nicholas Carlini used Claude Code to discover multiple remotely exploitable heap buffer overflows in the Linux kernel, including one that went undetected for 23 years. The method required minimal oversight — a simple shell script looped Claude Code over kernel source files with a CTF-framing prompt. This demonstrates AI-assisted vulnerability research operating at a level previously unreachable by individual researchers.
Research
Claude Code Found a Linux Vulnerability Hidden for 23 Years
Claude Code discovered a 23-year-old Linux kernel heap buffer overflow through automated source code analysis, demonstrating AI-assisted vulnerability research at a scale previously unreachable by individual researchers.
Friday, April 3, 2026 12:00 PM UTC | 2 min read | Source: Lobsters | By sys://pipeline