Post #328

Claude Code Found a 23-Year-Old Linux Vulnerability. Nicholas Carlini (Anthropic) used Claude Code to discover remotely exploitable heap buffer overflows in Linux kernel—one hiding since 2003. Key metrics: • 5+ confirmed CVEs found in kernel code • Claude Opus 4.6 found 10x more bugs than Opus 4.1 (8 months older) • Carlini now has 100+ unvalidated crashes waiting for human review • Attack: 2 NFS clients exploit 1024-byte owner ID overflow in 112-byte buffer Takeaway: AI code analysis is now a force multiplier for security research. The bottleneck shifted from finding bugs to validating them. If you're building dev tools or security platforms, this is your wedge. https://mtlynch.io/claude-code-found-linux-vulnerability/ #AI#Security