Researchers at Calif showed that a simple conversation with Claude AI was enough to find serious zero-day Remote Code Execution (RCE) flaws in two of the most popular text editors This article explores ai discovered vulnerabilities. . The attack doesn't need any user input other than opening a specially made file.

The people who work on Vim acted quickly and released a patch in Vim v9.2.0172. All users are strongly urged to upgrade right away. The results from Vim and Emacs show that there has been a big change: what used to take weeks of expert reverse engineering can now be done with just one well-structured prompt.

Calif has officially started "MAD Bugs: Month of AI-Discovered Bugs." The project will keep publishing AI-discovered vulnerabilities and proof-of-concept exploits until the end of April 2026. This shows that it is now much easier to do serious vulnerability research.

The Claude Opus 4.6 has already found more than 500 high-severity zero-days in open-source software that is still in use, including bugs that have been around for decades and were missed by experts. The researchers in California made a strong historical comparison: today's AI-driven vulnerability hunting is like the trivial SQL injection attacks of the early 2000s, when almost any system could be hacked with little effort. The Calif team has started a "MAD Bug" project to draw attention to the growing trend, which will last until 2026.

Every week, it will post a "Bugs of the Month" list of all the bugs and exploits that Claude AI has found, along with information on how they were found and how to fix them. On April 1, the first Bugs of the Month will come out. The second will come out on April 8, and the third will come out on April 9.