Nicholas Carlini, a research scientist at Anthropic, reported at the [un]prompted AI security conference that he used Claude Code to find multiple remotely exploitable security vulnerabilities in the Linux kernel, including one that sat undiscovered for 23 years.

Nicholas was astonished at how effective Claude Code has been at finding these bugs:

We now have a number of remotely exploitable heap buffer overflows in the Linux kernel.

I have never found one of these in my life before. This is very, very, very hard to do.