The third major Linux kernel flaw in two weeks has been found - thanks to AI

rcjordan · May 15, 2026, 12:40:36 AM

https://www.zdnet.com/article/third-major-linux-kernel-flaw-in-two-weeks-found-by-ai/

littleman · May 15, 2026, 01:42:03 AM

The good news is that they are getting found and people could patch up their systems.

rcjordan · May 15, 2026, 02:11:31 PM

>good news

Yeah, a recent FF update fixed 100+ security issues found by one of the new super-AI LLMs.

>bad news

The flip side is that hackers are using LLMs to find them.

ergophobe · May 15, 2026, 03:43:44 PM

I'm hoping this will be a temporary thing. Right now they are finding 20yo flaws, but as that backlog gets processed it should slow down.

Drupal requires unit testing to release a minor patch. That has reduced the number of times an update breaks things. I am assuming AI exploit testing will also become a required step for any update.

rcjordan · May 15, 2026, 10:23:13 PM

>hoping

I'll have none of that! hhh

AI agents show they can create exploits, not just find vulns
https://www.theregister.com/ai-ml/2026/05/15/ai-agents-show-they-can-create-exploits-not-just-find-vulns/5241453

rcjordan · May 15, 2026, 11:21:47 PM

The First CVE Wave: Signs That AI-Assisted Vulnerability Discovery Is Reshaping Disclosure Volumes | Blog | VulnCheck

https://www.vulncheck.com/blog/ai-assisted-vulnerability-discovery

<+>
AI-powered hacking has exploded into industrial-scale threat, Google says | The Guardian
https://www.theguardian.com/technology/2026/may/11/ai-powered-hacking-industrial-scale-threat-three-months-google

rcjordan · May 19, 2026, 07:03:06 PM

It's a Good vs Evil race. Good is plugging holes while Evil opens them. Here's a good;

Project Glasswing: what Mythos showed us
https://blog.cloudflare.com/cyber-frontier-models/

ergophobe · May 23, 2026, 08:47:27 PM

Quote from: rcjordan on May 15, 2026, 10:23:13 PMAI agents show they can create exploits

But it's still the same thing. That is just taking the next step, which means that if a hacker finds the exploit first, you're hosed.

But if a strong AI agent can do that, it can also become part of integration testing. If you have really strong unit tests and integration tests, you can hopefully just stop a lot of this code from ever getting committed.

Obviously, it's always cat and mouse. You create a better lock and thieves build better tools to break it.

ergophobe · **Today** at 04:33:49 AM

But of course, that's thinking long term after powerful AI is integrated into testing harnesses.

In the short term, we can expect a lot of this

https://www.commondreams.org/news/google-ai-zero-day

rcjordan · **Today** at 02:54:18 PM

and don't bank online. If you must, only expose an amount you can afford to lose.