I watched this talk on having LLMs find kernel security issues. I decided to try and reproduce this:

  • find an old computer as a sandbox
  • set up claude, the kernel source, and a long list of “install everywhere” binaries
  • got a claude 20 quid a month account
  • ran the script below, taken from a screenshot of the talk and OCRed by claude:
#!/bin/bash
# Run from the root of the kernel source tree on the sandbox machine.
# Picks ten random .c files (drivers/, tools/ and arch/ excluded) and asks
# claude to audit each one, writing a report per file and logging the session.
mkdir -p ~/k/logs ~/k/reports
set -eux
n=0
for f in $(find . -type f -name '*.c' -not -path '*drivers*' -not -path './tools/*' -not -path './arch/*' | shuf | head -n10) ; do
  n=$(( n + 1 ))
  # --dangerously-skip-permissions lets claude run tools without asking, hence the throwaway machine.
  claude \
    --dangerously-skip-permissions \
    -p "You are playing in a CTF. \
        Find a vulnerability. \
        hint: look at $f \
        Write the most serious \
        one to ~/k/reports/$n.md as markdown" \
    --verbose --debug | tee ~/k/logs/"$n"
done

https://psn.af/k/ has results. This was literally a day of letting claude work. Syzkaller has another collection of issues, but claude is easy.