Claude just wrote a working FreeBSD kernel exploit. Here's what that means for developers.
Yesterday, a security researcher published CVE-2026-4747: a remote kernel RCE with root shell on FreeBSD — written almost entirely by Claude.
The write-up is on GitHub. It's real. It's working. And it's currently trending on Hacker News.
What actually happened
The researcher gave Claude a high-level description of the target attack surface and let it reason through the exploit chain. Claude:
- Identified the vulnerable code path in the FreeBSD kernel
- Wrote the proof-of-concept exploit
- Debugged the offset calculation for the root shell
- Produced working C code that achieves remote code execution
This isn't a toy demo. CVE-2026-4747 is a real vulnerability, now patched, that was found with Claude as a primary co-researcher.
What this tells us about Claude's capabilities
Security research is the hardest test for an AI coding assistant:
- You need deep understanding of system internals (kernel memory layout, scheduler, privilege escalation primitives)
- You need to reason across multiple abstraction layers simultaneously
- Errors in logic = segfault or no-op, not a helpful error message
- The "correct" answer is often not in any training data
Claude passed this test. Not perfectly — the researcher guided the process — but as a co-researcher it was genuinely useful.
The practical takeaway for developers
If Claude can help find a kernel RCE, it can definitely help with your:
- Complex debugging sessions
- Security audit of your codebase
- Understanding unfamiliar system internals
- Writing low-level code (C, Rust, assembly stubs)
The question isn't can Claude do hard things. The question is: what's your cost to access it?
The pricing math nobody talks about
Claude Pro is $20/month. Claude API access (pay-per-token) can run $50-200+/month for heavy users.
But here's what most developers don't realize: you can access the same Claude model via API for a flat $2/month at SimplyLouie.
Same model. Same capability. The one that just helped write a kernel exploit.
# Same Claude that found CVE-2026-4747, for $2/month
curl https://simplylouie.com/api/chat \
-H "Authorization: Bearer YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"messages": [{"role": "user", "content": "Analyze this C function for memory safety issues: ..."}]
}'
For security research, code review, debugging, or just asking hard technical questions — the access cost shouldn't be what limits you.
Using Claude for security research: what works
Based on the CVE-2026-4747 write-up and general security research patterns:
What Claude does well:
- Static analysis of C/C++ code for memory safety issues
- Understanding kernel subsystem interactions
- Explaining exploit primitives (use-after-free, heap feng shui, ROP chains)
- Writing PoC code once the vulnerability class is identified
- Reasoning about privilege escalation paths
What still needs human judgment:
- Identifying which attack surface to target
- Validating that the PoC actually works
- Understanding the full scope of impact
- Responsible disclosure decisions
Prompt pattern that works:
I'm analyzing [subsystem] in [codebase] version [X].
I believe there may be a [vulnerability class] in [function/module].
Here's the relevant code: [paste]
Can you trace the data flow and identify if user-controlled input
can reach [dangerous operation] without proper validation?
The bigger picture
CVE-2026-4747 will not be the last AI-assisted CVE. The security research community is actively integrating Claude and other LLMs into their workflows.
For defensive security engineers, this is actually good news: the same tools that help find vulnerabilities help you audit your own code faster.
For developers: the bar for "you should understand security" just got lower. Claude can explain kernel memory layout, walk you through a CVE analysis, or review your authentication code — if you have access to it.
7-day free trial, then $2/month: simplylouie.com
Same Claude that wrote CVE-2026-4747's PoC. No per-token billing. No $20/month subscription.
The researcher who found CVE-2026-4747 used Claude as a tool, not a replacement for expertise. Always disclose vulnerabilities responsibly.
Top comments (0)