AI Coding Agents Find Real Zero-Days: Linux Reports Up 175x

AI coding agents crossed a critical inflection point in March 2026, and the findings are real zero-days — not AI slop. Four of the most respected names in open-source security all noticed the shift within the same few weeks. For months, Linux kernel maintainers had laughed off "AI slop": clearly wrong, obviously generated vulnerability reports clogging their inboxes. Then, roughly one month ago, the tone changed completely.

Now those reports are real. Correct. High-quality. And there are 35 to 175 times more of them than before. The inflection point has already passed — the only question is whether your team is ready for what comes next.

From "AI Slop" to Real Zero-Day Vulnerabilities

Greg Kroah-Hartman, one of the lead maintainers of the Linux kernel (the core software powering the majority of the world's servers, smartphones, and cloud infrastructure), described the shift bluntly in an interview with The Register:

"Months ago, we were getting what we called 'AI slop,' AI-generated security reports that were obviously wrong or low quality. It was kind of funny... Something happened a month ago, and the world switched. Now we have real reports. All open source projects have real reports that are made with AI, but they're good, and they're real."

Willy Tarreau, the lead maintainer of HAProxy (a widely-used tool that balances web traffic across servers) and a Linux kernel contributor, put the volume in stark historical terms via LWN:

"We were between 2 and 3 per week maybe two years ago, then reached probably 10 a week over the last year... now since the beginning of the year we're around 5–10 per day depending on the days (Fridays and Tuesdays seem the worst). Now most of these reports are correct... we're now seeing on a daily basis something that never happened before: duplicate reports, or the same bug found by two different people using (possibly slightly) different tools."

Run the math: 2–3 reports per week becoming 5–10 per day represents a 12–175x increase. And critically, Tarreau confirms most are now legitimate. The supply constraint (the bottleneck that limits how fast security work gets done) has shifted invisibly — from finding vulnerabilities to reviewing them.

The Numbers Behind the AI Security Crisis

The Linux kernel security pipeline is one of the most scrutinized codebases on earth. Here is what the volume shift looks like in practice:

• 2 years ago: 2–3 security reports per week — manageable, mostly human-authored
• 1 year ago: ~10 per week — early AI uptake, but quality still low
• Today (2026): 5–10 per day — post-inflection, mostly legitimate and correct
• Fold increase: 35x minimum, up to 175x at peak, compared to two years ago
• Brand-new phenomenon: Duplicate reports — the same vulnerability independently found by two different AI tools hours apart, something that had never happened at scale before

Daniel Stenberg, the creator and lead developer of cURL (the command-line data-transfer tool used by virtually every operating system, smartphone, and cloud service on earth — your browser is almost certainly running it right now), described his current daily reality in one word: "intense."

"The challenge with AI in open source security has transitioned from an AI slop tsunami into more of a... plain security report tsunami. Less slop but lots of reports. Many of them really good. I'm spending hours per day on this now. It's intense."

HAProxy's maintainers brought on additional contributors — not because of new features or user growth, but purely to process the security report volume. That is a new, invisible organizational cost that appeared within months with essentially no warning.

"Find Me Zero Days" — Thomas Ptacek's Forecast

Thomas Ptacek, co-founder of Latacora (a security consulting firm handling high-stakes vulnerability research) and one of the most respected voices in exploit development (the specialized field of identifying and weaponizing software security flaws), published a forecast in a widely-shared analysis that is already being cited across security circles:

"Within the next few months, coding agents will drastically alter both the practice and the economics of exploit development. Frontier model improvement won't be a slow burn, but rather a step function. Substantial amounts of high-impact vulnerability research (maybe even most of it) will happen simply by pointing an agent at a source tree and typing 'find me zero days'."

A "zero day" is a previously unknown vulnerability — one with zero days of public existence, meaning no patch has been developed yet and no defense currently exists. Traditionally, finding a legitimate zero day in a mature, heavily-audited codebase like Linux or cURL required days or weeks of expert manual effort. Ptacek is saying that phase is ending.

The phrase "step function" is critical here. This is not gradual improvement — it is a cliff. Models that could not reliably identify real bugs last quarter are doing so at industrial scale this quarter. Simon Willison, the developer behind tools like Datasette and LLM (a command-line tool for interacting with AI models), has been tracking the trend across 11+ dedicated blog posts. His 48-second TikTok clip — excerpted from a 1-hour-40-minute podcast episode with product analyst Lenny Rachitsky — reached 1.1 million views. The topic: the cognitive debt (the invisible mental overhead that builds when you rely on automated tools for complex thinking) of working alongside coding agents.

# Track the ai-security-research trend at source:
# Simon Willison's tag: https://simonwillison.net/tags/ai-security-research/
# Full podcast (1h 40m): https://youtu.be/wc8FBhQtdsA
# Thomas Ptacek's analysis: https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/
# Lenny's Newsletter: https://www.lennysnewsletter.com/p/an-ai-state-of-the-union

Why This Hits Every Developer — Not Just Maintainers

The Axios JavaScript library (a tool used by tens of millions of web developers to make HTTP requests — the basic act of fetching data from an API or server) was recently hit by a sophisticated supply chain attack. A "supply chain attack" is one that doesn't target your computer directly but instead corrupts the software before it ever reaches you.

The attacker used a cloned video likeness of the company's founder and a fake branded Slack workspace to social-engineer a developer into installing a Remote Access Trojan (malware that silently gives attackers control of your machine) during what appeared to be a routine Microsoft Teams meeting. The Trojan stole npm credentials (the access keys for publishing software packages) and published a backdoored version of the library.

The implication is direct: as coding agents become proven tools for security research, the people who operate them become higher-value targets. Attackers are learning to compromise the operator rather than the operation. Concrete steps to protect yourself:

• Verify identities before sharing your screen — attackers can now clone founder video likenesses convincingly enough to pass casual inspection
• Treat unexpected credential requests during video calls as automatic red flags — the Teams/Slack impersonation vector is now documented and being replicated
• If you run security agents on open-source codebases, you are a higher-value target than a typical developer — update your credential hygiene and MFA (multi-factor authentication, a security system requiring two forms of ID to log in) accordingly
• Duplicate vulnerability reports arriving hours apart from different senders signal that automated agents are actively scanning that codebase — not a coincidence, and worth escalating

AI Automation Security: What Your Team Should Do Before the Next Step Function

Ptacek said "within the next few months." That window is open now. The Linux, cURL, and HAProxy maintainers are already living the post-inflection world — here is how to get ahead of it rather than be caught by it:

• Open-source maintainers: Design a triage process now for a 10–50x increase in security report volume. Projects that hired extra maintainers reactively lost weeks of runway; proactive process design costs far less
• Enterprise security teams: The same agents flooding open-source projects can be pointed at your internal codebases. Early movers have a 35–175x discovery rate advantage over teams still doing manual-only audits
• Individual developers: Willison's warning — "my ability to estimate software is broken" — applies directly to security timelines. Build explicit uncertainty buffers into any schedule that involves security review
• Engineering leads: Automating bug discovery without scaling review creates a downstream crisis. If you deploy coding agents for security, budget for the review workload they generate, not just the tooling cost

The inflection point has passed and the numbers are no longer theoretical. You can explore what these tools actually do at our AI automation setup guide, or go deeper with hands-on guides at our AI automation learning center. The maintainers of Linux, cURL, and HAProxy didn't get a warning — you do.

Related Content — Get Started | Guides | More News