Nicholas Carlini used Claude Code to discover a heap buffer overflow in the Linux kernel that sat undetected for 23 years—a bug introduced in March 2003 and only found in March 2026. Carlini, a research scientist at Anthropic, presented the findings at the [un]prompted AI security conference last month, showing that Claude Opus 4.6 identified multiple remotely exploitable vulnerabilities that human security auditors had missed for over two decades.
The headline bug is in Linux’s NFSv4.0 LOCK replay cache. It’s a heap buffer overflow that allows remote attackers to read sensitive kernel memory over the network. The mechanism: a 112-byte buffer receives 1,056 bytes via a 1,024-byte owner ID field. That’s not a subtle mistake—it’s the kind of obvious memory corruption that should have been caught years ago. It wasn’t.
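To make the bug class concrete, here is an added illustration written for this article; it is not the kernel’s NFS code, and every name in it (`replay_entry`, `wire_field`, `cache_owner_checked`, the `CACHE_BUF_SIZE` and `OWNER_MAX` constants) is hypothetical. It reproduces only the shape the article describes: a fixed 112-byte destination and a variable-length owner field of up to 1,024 bytes taken from the network. The unchecked copy shows the defect pattern; the checked version shows the length test that a reviewer or a static checker should insist on before any `memcpy` into a fixed-size heap object.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes mirroring the article: 112-byte cached buffer,
 * owner identifier field of up to 1,024 bytes on the wire. */
#define CACHE_BUF_SIZE 112u
#define OWNER_MAX      1024u

/* A fixed-size cache record (stand-in for a heap-allocated replay entry). */
struct replay_entry {
    uint32_t      owner_len;
    unsigned char owner[CACHE_BUF_SIZE];
};

/* A decoded wire field: attacker-controlled length plus a pointer into the
 * received message. Constructed for this example. */
struct wire_field {
    uint32_t             len;
    const unsigned char *data;
};

/* Defect pattern: the length comes straight from the network and is never
 * compared with the destination size. With len up to OWNER_MAX this writes
 * far past the 112-byte array. Kept here for contrast and only ever called
 * on input that fits. */
static void cache_owner_unchecked(struct replay_entry *e, const struct wire_field *f)
{
    e->owner_len = f->len;
    memcpy(e->owner, f->data, f->len);
}

/* Hardened version: validate the wire length against the destination before
 * touching the record. Returns 0 on success, -1 if the field does not fit.
 * On rejection the entry is left unchanged. */
int cache_owner_checked(struct replay_entry *e, const struct wire_field *f)
{
    if (f->data == NULL && f->len != 0)
        return -1;
    if (f->len > sizeof(e->owner))
        return -1;
    e->owner_len = f->len;
    memcpy(e->owner, f->data, f->len);
    return 0;
}

/* Test helper: build a field of the requested length from a constructed
 * buffer and report what the checked copy does with it.
 * Returns -2 if len exceeds the wire maximum (not a valid field at all). */
int try_cache_len(uint32_t len)
{
    static unsigned char payload[OWNER_MAX];
    struct replay_entry e;
    struct wire_field f;

    if (len > OWNER_MAX)
        return -2;
    memset(payload, 'A', sizeof payload);
    memset(&e, 0, sizeof e);
    f.len = len;
    f.data = payload;
    return cache_owner_checked(&e, &f);
}

/* Walk the full path once: a 64-byte owner is cached by both versions, a
 * 1,024-byte owner is rejected by the checked version and must leave the
 * previously cached 64-byte value intact. Returns 0 when all holds. */
int demo_hardened_path(void)
{
    static unsigned char payload[OWNER_MAX];
    struct replay_entry e;
    struct wire_field small = { 64, payload };
    struct wire_field huge  = { OWNER_MAX, payload };

    memset(payload, 'A', sizeof payload);
    memset(&e, 0, sizeof e);

    cache_owner_unchecked(&e, &small);          /* safe: 64 <= 112 */
    if (e.owner_len != 64)
        return 1;
    if (cache_owner_checked(&e, &small) != 0)   /* fits: accepted */
        return 2;
    if (cache_owner_checked(&e, &huge) != -1)   /* 1,024 > 112: rejected */
        return 3;
    if (e.owner_len != 64)                      /* rejection left entry alone */
        return 4;
    return 0;
}

int main(void)
{
    printf("112 bytes: %d, 113 bytes: %d, 1024 bytes: %d, path: %d\n",
           try_cache_len(112), try_cache_len(113), try_cache_len(1024),
           demo_hardened_path());
    return 0;
}
```

The boundary that matters is `sizeof(e->owner)`, not the protocol’s maximum field size: a check against `OWNER_MAX` would still let 1,024 bytes into a 112-byte array. Checking against the destination, and doing so before any write, is the property a reviewer or an AI auditor is really looking for in this class of bug.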
The AI Capability Leap
Carlini tested Claude Opus 4.6 against older versions—Opus 4.1 and Sonnet 4.5—and found the newer model discovered vulnerabilities the older models couldn’t. Indeed, previous versions found only a “small fraction” of what 4.6 identified. This isn’t incremental improvement; it’s a capability leap that fundamentally changes what AI can do in security research.
Carlini put it bluntly: “I have never found one of these [remotely exploitable heap buffer overflows] in my life before. This is very, very, very hard to do. With these language models, I have a bunch.” Consider who’s saying this. Carlini earned his PhD from UC Berkeley and won best paper awards at IEEE S&P, USENIX Security (twice), and ICML (three times). He worked at Google Brain and DeepMind before joining Anthropic. If someone with that background says he’s never manually found this type of bug, that tells you how difficult it is for humans.
Opus 4.6 has discovered over 500 previously unknown high-severity vulnerabilities across major open-source projects—Linux kernel, glibc, Chromium, Firefox, WebKit, Apache HTTPd, GnuTLS, OpenVPN, Samba, and NASA’s CryptoLib. In January 2026, OpenSSL announced 12 new zero-days, all discovered by AI systems. Over 100 CVEs were validated in late 2025 and early 2026, a volume of vulnerability discovery that human researchers simply cannot match.
How Claude Code Discovered Hidden Vulnerabilities
Carlini’s methodology was straightforward. He wrote a script that iterated through Linux kernel source files, instructing Claude to find vulnerabilities by framing the task as a capture-the-flag competition. The script focused Claude’s attention on one file at a time to prevent repetitive findings. Claude didn’t just pattern-match—it reasoned about code the way experienced researchers do, examining commit history to identify changes that introduce bugs, analyzing unsafe patterns, and using its understanding of the underlying algorithms to find edge-case code paths that fuzzers rarely exercise.
The NFSv4 vulnerability required Claude to understand intricate NFS protocol mechanics. It’s not the type of bug you find by running automated tools or fuzzing random inputs. Instead, it demands semantic understanding of how the protocol works, what the code is supposed to do, and where the implementation deviates from safe behavior. Claude did that. Humans didn’t, despite 23 years of opportunity.
The Dual-Use Problem
Here’s where it gets uncomfortable. If AI can find vulnerabilities this effectively, so can attackers. IBM X-Force reported a 44% increase in attacks exploiting public-facing applications, driven by “AI-enabled vulnerability discovery.” The same tools that help defenders locate and fix bugs are available to adversaries who want to exploit them before patches exist.
At the [un]prompted conference, experts formed the Zero Day Clock coalition, arguing that vulnerability management needs “radical rethinking” because time-to-exploit for new vulnerabilities is plummeting. When AI can discover hundreds of bugs in weeks, disclosure timelines designed for human-paced research no longer work. OpenAI released Aardvark, an AI security researcher that autonomously finds, validates, and helps fix vulnerabilities at scale, achieving 92% recall on known vulnerabilities in benchmarks. That’s a powerful defensive tool. It’s also a blueprint for offensive capabilities.
What This Means for Linux Security
The 23-year-old NFS bug proves that manual code review and existing automated tools are insufficient. NFSv4 has a long history of security issues—CVE-2022-43945 was a buffer overflow “in kernel code for decades,” patched only in 2022. Multiple vulnerabilities in code that’s 20+ years old suggest a systemic problem: legacy code isn’t being audited effectively.
AI changes the economics. Re-auditing millions of lines of kernel code was impractical when it required human experts spending months on review. Now it’s feasible. Security teams need to integrate AI into vulnerability management workflows. Maintainers should prepare for a flood of AI-discovered bugs. And everyone should ask: if a 23-year-old bug was hiding in one of the most scrutinized codebases in the world, what else are we missing?
Carlini’s findings aren’t a one-off curiosity. They’re evidence that AI has crossed a threshold in security research—finding complex bugs that human experts overlook, at a scale and speed humans cannot match. The question isn’t whether AI will transform vulnerability discovery. It’s how fast both attackers and defenders adapt.