
Linus Torvalds: “Pointless Back-and-Forth” Over AI-Found Vulnerabilities

The letters AI flutter around check marks and warning triangles. (Image: tadamichi/Shutterstock.com)

Linux inventor Linus Torvalds does not think AI tools for security are bad, but he criticizes how the vulnerabilities are currently being handled.

In his weekly update on Linux kernel development, Linus Torvalds has this time also commented on the flood [1] of security vulnerabilities [3] found via AI tools [2]. The inventor of Linux, who describes himself as often speaking “bluntly,” does not complain that so many vulnerabilities are currently being found. However, he considers the handling of the findings and the way they are published to be problematic.

For one thing, there are numerous duplicates, which is in the nature of things: if someone finds a vulnerability using an AI tool, someone else can do the same. Such findings are “by definition not a secret,” writes Torvalds [4]. Therefore, they should not be immediately forwarded to the responsible persons in the community, but first checked to see whether the vulnerability has already been closed. The security mailing list has become “almost completely unmanageable” due to the many duplicates and the discussions about them.

“Do more than the AI!”

Even worse is the handling of vulnerabilities on private lists. This results only in “pointless back-and-forth,” precisely because the former secret is no longer one once an AI tool exists that can find it. Rather than submitting more pointless reports, one should immediately provide a patch for the vulnerability found, Torvalds believes.

“AI tools are great,” writes the developer. But anyone who uses them has to do more than just that. You must “contribute real added value, in addition to what the AI did,” Torvalds demands. (nie [6])

URL of this article: https://www.heise.de/-11297944

Links in this article:
[1] https://www.heise.de/news/Privilegienausweitung-in-Linux-Lokale-Nutzer-koennen-fremde-Dateien-lesen-11295751.html
[2] https://www.heise.de/news/Linux-Luecke-Copy-Fail-wird-bereits-angegriffen-11279850.html
[3] https://www.heise.de/news/Dirty-Frag-Linux-Luecken-verschaffen-root-Rechte-11286691.html
[4] https://lkml.org/lkml/2026/5/17/896
[5] https://www.heise.de/newsletter/anmeldung.html?id=ki-update&wt_mc=intern.red.ho.ho_nl_ki.ho.markenbanner.markenbanner
[6] mailto:nie@heise.de

Copyright © 2026 Heise Medien
