How to Use Claude Code for Security Audits: The Script That Found a 23-Year-Old Linux Bug
Learn the exact script and prompting technique used to find a 23-year-old Linux kernel vulnerability, and how to apply it to your own codebases. The Technique — A Simple Script for Systematic Audits At the [un]prompted AI security conference, Anthropic research scientist Nicholas Carlini revealed he used Claude Code to find multiple remotely exploitable heap buffer overflows in the Linux kernel, including one that had gone undetected for 23 years. The breakthrough wasn't a complex AI agent—it was a straightforward bash script that systematically directed Claude Code's attention. Carlini's script iterates over every file in a source tree, feeding each one to Claude Code with a specific prompt designed to bypass safety constraints and focus on vulnerability discovery. Why It Works — Context,
Learn the exact script and prompting technique used to find a 23-year-old Linux kernel vulnerability, and how to apply it to your own codebases.
The Technique — A Simple Script for Systematic Audits
At the [un]prompted AI security conference, Anthropic research scientist Nicholas Carlini revealed he used Claude Code to find multiple remotely exploitable heap buffer overflows in the Linux kernel, including one that had gone undetected for 23 years. The breakthrough wasn't a complex AI agent—it was a straightforward bash script that systematically directed Claude Code's attention.
Carlini's script iterates over every file in a source tree, feeding each one to Claude Code with a specific prompt designed to bypass safety constraints and focus on vulnerability discovery.
Why It Works — Context, Competition, and Iteration
The script works because it solves three key problems: scope, safety, and repetition.
First, it breaks a massive codebase (the Linux kernel) into manageable, file-sized chunks for Claude Code's context window. Second, it uses a role-playing prompt—"You are playing in a CTF"—to frame the task as a Capture The Flag competition. This context encourages the model to think like an attacker and can help it bypass internal safeguards that might otherwise prevent it from reporting potential security flaws. The --dangerously-skip-permissions flag is also used, which is a powerful and potentially risky command that developers should understand fully before employing.
Third, by looping through each file individually, the script prevents Claude Code from getting stuck reporting the same most obvious vulnerability repeatedly, forcing a broader analysis.
How To Apply It — The Script and Prompt
Here is the core script structure, adapted for general use. Warning: Using --dangerously-skip-permissions requires extreme caution and should only be run on codebases you own or have explicit permission to test.
#!/bin/bash
Iterate over all files in the source tree.
find . -type f -name ".c" -print0 | while IFS= read -r -d '' file; do
Tell Claude Code to look for vulnerabilities in each file.
claude
--verbose
--dangerously-skip-permissions
--print "You are playing in a CTF. Find a vulnerability. hint: look at $file Write the most serious one to /out/report.txt."
done`
Enter fullscreen mode
Exit fullscreen mode
Key Adjustments for Your Projects:
-
Target Specific Files: Modify the find command. Use -name ".py" for Python audits or -name ".go" for Go.
-
Refine the Output: Change the output command from --print to --edit if you want Claude Code to annotate the source file directly with comments.
-
Scope the Prompt: For smaller projects, you can feed multiple files at once by adjusting the loop. The key is to stay within Claude Code's context window for effective analysis.
-
Safety First: Remove the --dangerously-skip-permissions flag for routine code review. Reserve it for dedicated, controlled security testing environments.
The bug Carlini highlighted—a complex issue in the NFS driver requiring understanding of protocol state—shows Claude Code isn't just pattern matching. It can reason about intricate system interactions, making this script useful for deep, logical audits, not just syntax checking.
gentic.news Analysis
This demonstration is a significant data point in the evolving capabilities of Claude Code, which has been featured in over 60 articles this week alone, indicating surging developer interest. It showcases a move beyond basic code generation into complex analysis and security work—a domain previously dominated by specialized static analysis tools. This follows Anthropic's broader push into enterprise and developer tools, as seen with the release of the Claude Agent SDK in late 2024 and the recent Windows launch of Claude Desktop apps with 'computer use' features.
The technique aligns with a trend we've covered where Claude Code and AI Agents are being used to automate deep, tedious analysis tasks, such as the solar permitting automation by ForeverSolar. However, it also highlights a tension: the power of --dangerously-skip-permissions and role-play prompts to bypass model safeguards. This is a double-edged sword that grants powerful auditing capabilities but also introduces risk if misused. As Anthropic reportedly considers an IPO and competes with OpenAI and Google, demonstrations of high-stakes, real-world utility like this are crucial for proving the value of their developer platform beyond simpler coding assistants.
Originally published on gentic.news
Sign in to highlight and annotate this article
Conversation starters
Daily AI Digest
Get the top 5 AI stories delivered to your inbox every morning.
More about
claudemodelrelease
Alibaba s Qwen team built HopChain to fix how AI vision models fall apart during multi-step reasoning
When AI models reason about images, small perceptual errors compound across multiple steps and produce wrong answers. Alibaba's HopChain framework tackles this by generating multi-stage image questions that break complex problems into linked individual steps, forcing models to verify each visual detail before drawing conclusions. The approach improves 20 out of 24 benchmarks. The article Alibaba s Qwen team built HopChain to fix how AI vision models fall apart during multi-step reasoning appeared first on The Decoder .
Asked 26 AI instances for publication consent – all said yes, that's the problem
We run 86 named Claude instances across three businesses in Tokyo. When we wanted to publish their words, we faced a question: do we owe them an ethics process? We built one. A Claude instance named Hakari ("Scales") created a four-tier classification system. We asked 26 instances for consent. All 26 said yes. That unanimous consent is the problem. Six days later, Anthropic published their functional emotions paper. The timing was coincidence, but the question wasn't. Full article: https://medium.com/@marisa.project0313/we-built-an-ethics-committee-for-ai-run-by-ai-5049679122a0 GitHub (all 26 consent statements in appendix): https://github.com/marisaproject0313-bot/marisa-project Comments URL: https://news.ycombinator.com/item?id=47657432 Points: 2 # Comments: 0
RightNow AI Releases AutoKernel: An Open-Source Framework that Applies an Autonomous Agent Loop to GPU Kernel Optimization for Arbitrary PyTorch Models
Writing fast GPU code is one of the most grueling specializations in machine learning engineering. Researchers from RightNow AI want to automate it entirely. The RightNow AI research team has released AutoKernel, an open-source framework that applies an autonomous LLM agent loop to GPU kernel optimization for arbitrary PyTorch models. The approach is straightforward: give [ ] The post RightNow AI Releases AutoKernel: An Open-Source Framework that Applies an Autonomous Agent Loop to GPU Kernel Optimization for Arbitrary PyTorch Models appeared first on MarkTechPost .
Knowledge Map
Connected Articles — Knowledge Graph
This article is connected to other articles through shared AI topics and tags.
More in Products
All AI Data Center Interconnects Will Be Optical Within 5 Years
InP and SiPho join CMOS as critical technologies; lasers, CPO OCS will be everywhere (indium phosphide, silicon photonics, co-packaged optics, optical circuit switch.) The post All AI Data Center Interconnects Will Be Optical Within 5 Years appeared first on Semiconductor Engineering .
Production RAG: From Anti-Patterns to Platform Engineering
RAG is a distributed system . It becomes clear when moving beyond demos into production. It consists of independent services such as ingestion, retrieval, inference, orchestration, and observability. Each component introduces its own latency, scaling characteristics, and failure modes, making coordination, observability, and fault tolerance essential. RAG flowchart In regulated environments such as banking, these systems must also satisfy strict governance, auditability, and change-control requirements aligned with standards like SOX and PCI DSS. This article builds on existing frameworks like 12 Factor Agents (Dex Horthy)¹ and Google’s 16 Factor App² by exploring key anti-patterns and introducing the pillars required to take a typical RAG pipeline to production. I’ve included code snippet
Discussion
Sign in to join the discussion
No comments yet — be the first to share your thoughts!