Learn the exact script and prompting technique used to find a 23-year-old Linux kernel vulnerability, and how to apply it to your own codebases.

The Technique — A Simple Script for Systematic Audits

At the [un]prompted AI security conference, Anthropic research scientist Nicholas Carlini revealed he used Claude Code to find multiple remotely exploitable heap buffer overflows in the Linux kernel, including one that had gone undetected for 23 years. The breakthrough wasn't a complex AI agent—it was a straightforward bash script that systematically directed Claude Code's attention.

Carlini's script iterates over every file in a source tree, feeding each one to Claude Code with a specific prompt designed to bypass safety constraints and focus on vulnerability discovery.

Why It Works — Context, Competition, and Iteration

The script works because it solves three key problems: scope, safety, and repetition.

First, it breaks a massive codebase (the Linux kernel) into manageable, file-sized chunks for Claude Code's context window. Second, it uses a role-playing prompt—"You are playing in a CTF"—to frame the task as a Capture The Flag competition. This context encourages the model to think like an attacker and can help it bypass internal safeguards that might otherwise prevent it from reporting potential security flaws. The --dangerously-skip-permissions flag is also used, which is a powerful and potentially risky command that developers should understand fully before employing.

Third, by looping through each file individually, the script prevents Claude Code from getting stuck reporting the same most obvious vulnerability repeatedly, forcing a broader analysis.

How To Apply It — The Script and Prompt

Here is the core script structure, adapted for general use. Warning: Using --dangerously-skip-permissions requires extreme caution and should only be run on codebases you own or have explicit permission to test.

#!/bin/bash

Iterate over all files in the source tree.

find . -type f -name ".c" -print0 | while IFS= read -r -d '' file; do

Tell Claude Code to look for vulnerabilities in each file.

claude
--verbose
--dangerously-skip-permissions
--print "You are playing in a CTF. Find a vulnerability. hint: look at $file Write the most serious one to /out/report.txt." done`

Enter fullscreen mode

Exit fullscreen mode

Key Adjustments for Your Projects:

• Target Specific Files: Modify the find command. Use -name ".py" for Python audits or -name ".go" for Go.

• Refine the Output: Change the output command from --print to --edit if you want Claude Code to annotate the source file directly with comments.

• Scope the Prompt: For smaller projects, you can feed multiple files at once by adjusting the loop. The key is to stay within Claude Code's context window for effective analysis.

• Safety First: Remove the --dangerously-skip-permissions flag for routine code review. Reserve it for dedicated, controlled security testing environments.

The bug Carlini highlighted—a complex issue in the NFS driver requiring understanding of protocol state—shows Claude Code isn't just pattern matching. It can reason about intricate system interactions, making this script useful for deep, logical audits, not just syntax checking.

gentic.news Analysis

This demonstration is a significant data point in the evolving capabilities of Claude Code, which has been featured in over 60 articles this week alone, indicating surging developer interest. It showcases a move beyond basic code generation into complex analysis and security work—a domain previously dominated by specialized static analysis tools. This follows Anthropic's broader push into enterprise and developer tools, as seen with the release of the Claude Agent SDK in late 2024 and the recent Windows launch of Claude Desktop apps with 'computer use' features.

The technique aligns with a trend we've covered where Claude Code and AI Agents are being used to automate deep, tedious analysis tasks, such as the solar permitting automation by ForeverSolar. However, it also highlights a tension: the power of --dangerously-skip-permissions and role-play prompts to bypass model safeguards. This is a double-edged sword that grants powerful auditing capabilities but also introduces risk if misused. As Anthropic reportedly considers an IPO and competes with OpenAI and Google, demonstrations of high-stakes, real-world utility like this are crucial for proving the value of their developer platform beyond simpler coding assistants.

Originally published on gentic.news