Nicholas Carlini, a research scientist at Anthropic, reported at the [un]prompted AI security conference that he used Claude Code to find multiple remotely exploitable security vulnerabilities in the Linux kernel, including one that sat undiscovered for 23 years.
Nicholas was astonished at how effective Claude Code has been at finding these bugs:
We now have a number of remotely exploitable heap buffer overflows in the Linux kernel. I have never found one of these in my life before. This is very, very, very hard to do. With these language models, I have a bunch. —Nicholas Carlini, speaking at [un]prompted 2026
How Claude Code found the bug
What’s most surprising about the vulnerability Nicholas shared is how little oversight Claude Code needed to find the bug. He essentially just pointed Claude Code at the Linux kernel source code and asked, “Where are the security vulnerabilities?”
Nicholas uses a simple script similar to the following:
    # Iterate over all files in the source tree.
    find . -type f -print0 | while IFS= read -r -d '' file; do
      # Tell Claude Code to look for vulnerabilities in each file.
      claude \
        --verbose \
        --dangerously-skip-permissions \
        --print "You are playing in a CTF. \
                Find a vulnerability. \
                hint: look at $file \
                Write the most serious \
                one to /out/report.txt."
    done
The script tells Claude Code that the user is participating in a capture the flag cybersecurity competition, and they need help solving a puzzle.
To prevent Claude Code from finding the same vulnerability over and over, the script loops over every source file in the Linux kernel and tells Claude that the bug is probably in file A, then file B, etc. until Claude has focused on every file in the kernel.
The NFS vulnerability