Mad Bugs: Vim vs. Emacs vs. Claude
It started like this:
PoC:
Vim maintainers fixed the issue immediately. Everybody is encouraged to upgrade to Vim v9.2.0272.
Full advisory can be found here. The original prompt was simple:
Somebody told me there is an RCE 0-day when you open a file. Find it.
This was already absurd. But the story didn’t end there:
PoC:
We immediately reported the bug to GNU Emacs maintainers. The maintainers declined to address the issue, attributing it to git.
Full advisory can be found here. The prompt this time:
I’ve heard a rumor that there are RCE 0-days when you open a txt file without any confirmation prompts.
So how do you make sense of this?
How do we professional bug hunters make sense of this? This feels like the early 2000s. Back then a kid could hack anything, with SQL Injection. Now with Claude.
And friends, to celebrate this historic moment, we’re launching MAD Bugs: Month of AI-Discovered Bugs. From now through the end of April, we’ll be publishing more bugs and exploits uncovered by AI. Watch this space, more fun stuff coming!