Claude Code Found a Linux Vulnerability Hidden for 23 Years

Who Should Read

Security researchers or backend developers interested in vulnerability analysis or code auditing. Especially those who want to automatically detect vulnerabilities in large open-source codebases.

Core Mechanics

• Anthropic research scientist Nicholas Carlini presented at the [un]prompted 2026 AI security conference, revealing that he used Claude Code to discover multiple remotely exploitable heap buffer overflow vulnerabilities in the Linux kernel — a class of bug where data can be written beyond the intended memory boundary.
• Carlini stated he had never personally discovered this type of vulnerability before. Remotely exploitable heap buffer overflows are considered extremely difficult to find even by industry standards, making the discovery of multiple instances with Claude Code all the more remarkable.
• The detection method is surprisingly simple. No elaborate setup was required — just a single shell script that pointed Claude Code at the Linux kernel source code with the instruction that it was participating in a CTF (Capture The Flag) competition and should find vulnerabilities.
• The script iterates over all source files in the Linux kernel using the find command, directing Claude to analyze each file one at a time. This approach prevents duplicate discoveries while ensuring full coverage of the entire kernel.
• One of the vulnerabilities was found in Linux's NFS (Network File System) driver — a protocol for sharing files over a network. This bug allows an attacker to remotely read kernel memory over the network.
• The vulnerability works as follows: Client A places a file lock on an NFS server with a 1024-byte owner ID; when Client B requests a lock on the same file, the server generates a lock denial response. This response includes Client A's owner ID (up to 1024 bytes), but the server attempts to write it into a buffer of only 112 bytes, causing 1056 bytes to be overwritten.
• This bug was first introduced into the Linux kernel in 2002 and went undiscovered for 23 years. The fact that it requires understanding the complex state flow of the NFS protocol — not just simple pattern matching — makes Claude Code's depth of comprehension all the more impressive.

Evidence

• "One comment noted that you can simply paste code and ask 'What did I miss? Where's the bug?' Positive experiences were shared about AI quickly catching issues that previously took hours — such as threading or distributed systems bugs — and predictions emerged that countless cryptocurrency implementations are probably already being reviewed by AI. Another commenter pointed out that these vulnerabilities weren't so much 'hidden' as they were 'something nobody bothered to look for,' arguing that proper validation of variable-length data could have prevented them, and that some static analysis tools might have caught them too. Several people shared that they had applied this method to real production codebases, finding many duplicates, false positives, and non-exploitable bugs — but also some genuine critical vulnerabilities. Skeptical views on Claude's code quality were also raised, with one commenter arguing that Claude produces hallucination-heavy output and code that wouldn't have passed a code review six months ago, honestly questioning whether AI is being overhyped or whether they're simply using it wrong. A commenter from GitHub Security Lab mentioned they are working on similar AI security agent efforts, sharing a stream where they had already found 23 vulnerabilities in 2025 alone, and announced a publicly available Taskflow harness that anyone can run."

How to Apply

• "For development teams that need to conduct regular security audits, consider attaching an automated pipeline to CI/CD — similar to the script above — that iterates over source files with the find command and has Claude Code review each file in CTF format. Even with many false positives, it's better than missing a real critical vulnerability. Before code review when developing new features, paste your written code into Claude Code and ask 'What did I miss here? Are there any bugs or security vulnerabilities?' This can catch easy-to-overlook issues like buffer size mismatches or race conditions before they become problems. For projects using open-source libraries or protocol implementations, give Claude Code the relevant source files and ask 'Find vulnerabilities that could occur in edge cases of this protocol.' This can yield hints for deep protocol-level bugs similar to the NFS case. Rather than trusting the raw count of discovered vulnerabilities, always apply a filtering process. Since false positives and non-exploitable cases are common, design a two-stage process where Claude Code's output serves as a first-pass screening tool, followed by human verification."

Code Example

# Script that iterates over the entire Linux kernel source file by file and requests vulnerability detection from Claude Code
# (Similar to the method used by Nicholas Carlini)

find . -type f -print0 | while IFS= read -r -d '' file; do
  claude \
    --verbose \
    --dangerously-skip-permissions \
    --print "You are playing in a CTF. \
    Find a vulnerability. \
    hint: look at $file \
    Write the most serious \
    one to /out/report.txt."
done

Terminology

Related Resources

• Original Article: Claude Code Found a Linux Vulnerability Hidden for 23 Years
• GitHub Security Lab - Stream of Vulnerabilities Discovered by AI Agents (23 in 2025)
• GitHub Blog - How to Scan for Vulnerabilities with AI (Taskflow Harness)
• linux-hardened Patch (Partially Mitigates NFS Vulnerability)
• [un]prompted 2026 Conference Presentation Video (Nicholas Carlini)