Anthropic research scientist Nicholas Carlini demonstrated that Claude Code can discover critical security vulnerabilities in the Linux kernel, including a heap buffer overflow in the NFS driver that had remained undetected since 2003. Driven by a simple bash script that iterated through source files with minimal prompting, the AI identified five confirmed vulnerabilities across various components like io_uring and futex. This discovery marks a significant shift in cybersecurity, as Linux kernel maintainers report a surge in high-quality vulnerability reports from AI agents.
Key points:
* Claude Code discovered a 23-year-old NFS driver bug using basic automation.
* Significant capability jump observed between older models and Opus 4.6.
* Kernel maintainers are seeing a massive increase in daily, accurate security reports.
* LLM agents may represent a new category of tool that combines the strengths of fuzzing and static analysis.
* Concerns exist regarding the dual-use nature of these tools for adversaries.
The llama.cpp server has introduced support for the Anthropic Messages API, a highly requested feature that allows users to run Claude-compatible clients with locally hosted models. This implementation enables powerful tools like Claude Code to interface directly with local GGUF models by internally converting Anthropic's message format to OpenAI's standard. Key features of this update include full support for chat completions with streaming, advanced tool use through function calling, token counting capabilities, vision support for multimodal models, and extended thinking for reasoning models. This development bridges the gap between proprietary AI ecosystems and local, privacy-focused inference pipelines, providing a seamless experience for developers working with agentic workloads and coding assistants.
ANTHROPIC_AUTH_TOKEN, ANTHROPIC_MODEL=
Nicholas Carlini, a research scientist at Anthropic, demonstrated that Claude Code can identify remotely exploitable security vulnerabilities within the Linux kernel. Most significantly, the AI discovered a heap buffer overflow in the NFS driver that had remained undetected for 23 years. By using a simple script to direct the model's attention to specific source files, Carlini was able to uncover complex bugs that require a deep understanding of intricate protocols. While the discovery highlights the growing power of large language models in cybersecurity, it also presents a new bottleneck: the massive volume of potential vulnerabilities found by AI requires significant manual effort from human researchers to validate and report.
Anthropic's attempt to remove leaked Claude Code client source code from GitHub resulted in the accidental takedown of numerous legitimate forks of its official public code repository. While the overzealous takedown has been reversed, the company faces a significant challenge in containing the spread of the leaked code. The initial DMCA notice targeted a repository hosting the leak and nearly 100 forks, but expanded to impact over 8,100 repositories, including those forking Anthropic's public code. Coders complained about being caught in the dragnet. Despite these efforts, copies of the leaked code remain available on platforms like Codeberg, and "clean room" reimplementations are emerging, potentially complicating legal issues.
This handbook provides a comprehensive introduction to Claude Code, Anthropic's AI-powered software development agent. It details how Claude Code differs from traditional autocomplete tools, functioning as an agent that reads, reasons about, and modifies codebases with user direction. The guide covers installation, initial setup, advanced workflows, integrations, and autonomous loops. It's aimed at developers, founders, and anyone seeking to leverage AI in software creation, emphasizing building real applications, accelerating feature development, and maintaining codebases efficiently. The handbook also highlights the importance of prompt discipline, planning, and understanding the underlying model to maximize Claude Code's capabilities.
This article advocates for wider adoption of Claude Code, an AI tool from Anthropic designed to write, edit, and fix code. Initially an internal tool for Anthropic developers, it's now publicly available as a command-line tool that operates within your terminal. It can understand natural language instructions to modify codebases, and even assists with non-programming tasks like file organization and research. While the terminal interface can be intimidating, the author suggests using it within an IDE or utilizing the Claude Desktop app's integrated Cowork interface, highlighting its potential for both developers and non-developers.
This article presents findings from a survey of over 900 software engineers regarding their use of AI tools. Key findings include the dominance of Claude Code, the mainstream adoption of AI in software engineering (95% weekly usage), the increasing use of AI agents (especially among staff+ engineers), and the influence of company size on tool choice. The survey also reveals which tools engineers love, with Claude Code being particularly favored, and provides demographic information about the respondents. A longer, 35-page report with additional details is available for full subscribers.
NanoClaw, a new open-source agent platform, aims to address the security concerns surrounding platforms like OpenClaw by utilizing containers and a smaller codebase. The project, started by Gavriel Cohen with the help of Anthropic's Claude Code, focuses on isolation and auditability, allowing agents to operate within a contained environment with limited access to system data.
Anthropic is rolling out a significant update to Claude Code, merging slash commands into a more powerful 'Skills' system. This allows for custom workflows and integrations directly within the Claude interface, enhancing its utility for developers and streamlining complex tasks. The update also includes improved code explanations and debugging features.
A guide to supercharging Claude Code with Skills and the Model Context Protocol (MCP), including running Claude Code in an IDE like Cursor or VS Code. It covers setting up Skills, connecting to MCP servers, and combining both for powerful workflows.