Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
Summary
A security researcher used Anthropic's Claude Code LLM to discover zero-day remote code execution vulnerabilities in both Vim and GNU Emacs. The LLM found flaws in minutes that would typically take days of manual effort and fuzzing, and even helped develop proof-of-concept exploits.
IFF Assessment
The ability of AI to rapidly discover zero-day vulnerabilities poses a significant threat as it can accelerate the creation of exploits by malicious actors.
Severity
This CVSS score reflects the potential for critical impact (Remote Code Execution) with low complexity and minimal user interaction required, as evidenced by the vulnerability triggering simply by opening a file.
Defender Context
This highlights a new paradigm where AI can be used by both defenders and attackers to find vulnerabilities. Defenders must consider how AI can be leveraged for proactive security testing and red teaming, while also being aware that attackers can achieve similar results faster.