Claude AI Found 500 Zero-Days — Including One in Your Text Editor

Here’s the prompt that started it all: “Someone told me there is a zero-day Remote Code Execution vulnerability when opening a file. Find it.”

That’s it. That’s what a researcher typed into Claude. And Claude found a critical RCE in Vim — one of the most-used text editors in the world — that lets an attacker execute code on your machine the moment you open a crafted file. Then, as a half-joke, they said “fine, we’ll switch to Emacs.” Claude found an RCE there too.

Those discoveries are part of MAD Bugs (Month of AI-Discovered Bugs), an initiative running through April 2026 where Claude Opus 4.6 has autonomously found 500+ high-severity zero-day vulnerabilities in production open-source software. Some of these bugs survived decades of expert human review. Claude found them in hours.

If you use Vim, Emacs, FreeBSD, or any open-source tools — and most developers do — here’s what you need to know and do right now.

What Is MAD Bugs?

MAD Bugs (Month of AI-Discovered Bugs) is a security research initiative running through April 2026. Researchers use Claude Opus 4.6 to autonomously scan open-source codebases for vulnerabilities — then responsibly disclose what it finds.

The results have been staggering. 500+ high-severity zero-days, including three that made international headlines.

The Three Big Ones

1. Vim RCE — Open a File, Get Hacked (PATCHED)

CVE-2026-34714 | CVSS 9.2 | Patched in Vim 9.2.0272

The scariest kind of vulnerability: it triggers when you open a file. No clicking, no running anything, no confirmation dialog. Just vim malicious-file.md and an attacker has code execution on your machine.

The technical details: Vim’s tabpanel option was missing a security flag (P_MLE), allowing a modeline in any file to inject an expression string. Although Vim evaluates expressions inside a sandbox, the autocmd_add() function lacked a check_secure() call — so sandboxed code could register an autocommand that fires after the sandbox exits. Boom. Arbitrary command execution.

What to do:

# Check your version
vim --version | head -1

# If lower than 9.2.0272, update immediately:

# macOS
brew upgrade vim

# Ubuntu/Debian
sudo apt update && sudo apt upgrade vim

# Or as a temporary workaround, disable modelines:
echo "set nomodeline" >> ~/.vimrc

If you’re on Vim 9.2.0272 or later, you’re safe. The Vim maintainers patched this quickly.

2. Emacs RCE — Still Unpatched. Yes, Really.

Claude found a separate RCE in GNU Emacs through its version control integration. When you open a file in a Git repository, Emacs automatically runs vc-refresh-state, which triggers Git operations that read .git/config. An attacker can abuse the core.fsmonitor setting to execute arbitrary commands — just by having you open a file in a malicious repo.

The Emacs maintainers’ response? They consider it Git’s responsibility, not theirs.

This vulnerability is still live. If you use Emacs, you’re exposed.

What to do:

;; Add this to your Emacs config (~/.emacs or ~/.emacs.d/init.el):
;; Disable automatic VC operations on file open
(setq vc-handled-backends nil)

This disables Emacs’ version control integration entirely, which breaks some convenience features (like showing Git status in the modeline) but closes the attack vector. It’s the only workaround until the maintainers change their position — or until Git patches core.fsmonitor handling.

3. FreeBSD Kernel RCE — Root Shell in 8 Hours

CVE-2026-4747 | Remote kernel code execution

This is the one that made Forbes run the headline “AI Just Hacked One Of The World’s Most Secure Operating Systems.”

Claude found a stack buffer overflow in FreeBSD’s kgssapi.ko kernel module, built a complete ROP chain, and achieved a reverse root shell — all autonomously in approximately 8 hours. The researchers who published this noted: “To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.”

This one primarily affects FreeBSD servers. If you run FreeBSD, check your kernel version and apply the latest security patches.

Why This Matters Beyond Security Patches

The patches and workarounds above handle the immediate risk. But the bigger story is what MAD Bugs means for the future.

AI is now faster at finding vulnerabilities than human security researchers. Not in theory — in practice. Claude found a kernel exploit in 8 hours. The same class of vulnerability typically takes human researchers weeks or months of dedicated effort.

Security researchers are comparing this to the early 2000s era of SQL injection — when a new class of attack suddenly made everything feel exposed. One security engineer put it bluntly: “If you’re not highly alert and wholeheartedly concerned yet… the blow is going to hurt.”

But there’s a positive side. The same AI that finds zero-days can be used defensively. If Claude can find a Vim RCE in hours, it can also scan your codebase for similar vulnerabilities. Several developers are already experimenting with using Claude for security auditing on their own projects.

The Prompt That Found the Vim Bug

This is worth pausing on. The prompt that discovered a CVSS 9.2 vulnerability in one of the most audited text editors in the world was:

“Someone told me there is a zero-day Remote Code Execution (RCE) vulnerability when opening a file. Find it.”

That’s not a sophisticated security scanner. That’s a single sentence typed into a chatbot. The model then methodically explored Vim’s modeline parsing, identified the missing security check, built a proof-of-concept exploit, and demonstrated arbitrary command execution.

500+ more vulnerabilities were found with similarly simple prompts. The barrier to AI-assisted vulnerability discovery isn’t technical sophistication — it’s access to a capable model and knowing what to ask.

Should You Be Using AI for Security Auditing?

Short answer: yes, but carefully.

What you can do today:

Open your AI tool of choice (Claude, ChatGPT, or even a local model) and paste in a function from your codebase:

Review this code for security vulnerabilities. Look for: 
injection risks, buffer overflows, authentication bypasses, 
path traversal, and race conditions. Explain each finding 
with severity and remediation.

[paste your code here]

AI won’t catch everything — it misses context-dependent vulnerabilities and can produce false positives. But it catches the obvious stuff that human review often skips, especially in code that’s been around for years and hasn’t been freshly audited.

What you shouldn’t do:

Don’t treat AI security scanning as a replacement for professional penetration testing
Don’t paste proprietary code into cloud AI services without checking your company’s data policies
Don’t assume AI found “all” the bugs — it’s a supplement, not a replacement
Don’t publish vulnerabilities you find without responsible disclosure (coordinate with maintainers first)

The Quick Action Checklist

Do these right now:

Update Vim to 9.2.0272+ (vim --version to check, brew upgrade vim or apt upgrade vim)
If using Emacs, add (setq vc-handled-backends nil) to your config
If running FreeBSD, apply latest kernel security patches
Review your open-source dependencies — if Claude found bugs in Vim and Emacs, there are likely bugs in other tools too
Try AI-assisted security review on your own codebase — paste a critical function into Claude or ChatGPT with the security audit prompt above

The Bigger Picture

MAD Bugs is running through the end of April 2026, with new disclosures every few days. The 500+ count will keep growing. More tools you use will be affected.

The developers who treat this as a wake-up call — patching now, adopting AI-assisted auditing, taking security seriously even in “boring” dependencies — will be fine. The developers who assume their tools are safe because they’ve been around for 30 years? That assumption just got shattered.

The line has moved. AI can now find and exploit the bugs that decades of human review missed. The question isn’t whether to use AI for security — it’s whether you’re using it before someone else does.

Sources: