It's worth mentioning that the recent high CVE privilege escalation bugs were discovered by AI.
There is some good, but it's important that the submitters include very clear POCs to make verification trivial for maintainers.
this post was submitted on 18 May 2026
269 points (98.6% liked)
Linux
13701 readers
551 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 2 years ago
MODERATORS
Short version: AI is not a shortcut to being a Linux programmer and contributor. You still actually need to know how to read/write code and documentation.
Which should be obvious but the hype has brainwashed the masses into thinking they can be overnight successes using AI. 😒
Incompetent buffoons thinking AI makes them an artist, a musician or in this case a programmer. It's about as pathetic as Elon Musk as an individual.
I've definitely used it and helped me learn and accomplish things I wouldn't have otherwise since I am not professionally a programmer. But whipping up something custom that works for our organization with the bare minimum security bolted onto the front. Even if it does take 3 hours to walk through the hallucinations before I learn the concept of what I was trying to do through its attempts and get it setup.
I'm not ready to make a push to a repo yet haha. An important life skill is recognizing what you do not know.
the linked source is the kernel mailing list.
https://lkml.org/lkml/2026/5/17/896
"
From Linus Torvalds <>
Date Sun, 17 May 2026 14:29:22 -0700
Subject Linux 7.1-rc4
You all know the drill by now - another week, another release candidate.
Things continue to look fairly normal (where "normal" is the "new
normal" with a fair amount of changes). Drivers are about half the
patch, with GPU leading the way as is tradition. But there's a little
bit of everything in driver land.
The rest is mostly networking, core kernel, filesystems, and arch updates.
Some of the documentation updates might be worth highlighting: the
continued flood of AI reports has basically made the security list
almost entirely unmanageable, with enormous duplication due to
different people finding the same things with the same tools. People
spend all their time just forwarding things to the right people or
saying "that was already fixed a week/month ago" and pointing to the
public discussion.
Which is all entirely pointless churn, and we're making it clear that
AI detected bugs are pretty much by definition not secret, and
treating them on some private list is a waste of time for everybody
involved - and only makes that duplication worse because the reporters
can't even see each other's reports.
AI tools are great, but only if they actually help, rather than cause
unnecessary pain and pointless make-believe work. Feel free to use
them, but use them in a way that is productive and makes for a better
experience.
The documentation may be a bit less blunt than I am, but that's the
core gist of it. So just to make it really clear: if you found a bug
using AI tools, the chances are somebody else found it too. If you
actually want to add value, read the documentation, create a patch
too, and add some real value on top of what the AI did. Don't be the
drive-by "send a random report with no real understanding" kind of
person. Ok?
- Linus
"
“So just to make it really clear: If you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on top of what the AI did. Don't be the drive-by ‘send a random report with no real understanding’ kind of person. OK?”
Makes sense to me, most of the time the AI output need to be used as input for a human who can then deliver the real value, or at least verify the correctness of the AI output.
The funny thing is that this is the ONE usecase where LLMs can't themselves make anything worse, because if used sensibly it's basically just a black box that pokes at your software until something breaks, the whole point is to break things!
But of course AI-users can't even fucking handle that, they're so utterly incapable of doing any work themselves that "look at the thing and write down things that go wrong and why it went wrong, and check if it has already been reported before submitting your own report" is too much for them to handle.
@anamethatisnt @cm0002 And besides that, many people burning energy totally needless...
But, at least more script kiddies feeling important.....
Too bad the old Torvalds has gone, replaced by this mild-mannered gentleman. The idiot submitters could really do with a bit of stern telling-to.
It was a conspiracy from the beginning! AI bros knew they needed to nerf Linus ahead of time in order to succeed!
You’re attributing too much independent though, rationality, intelligence and forward thinking to people that have outsourced their brains to a chatbot - and a meagre one at that. Maybe oooohhh MYTHOS aaaAahhh is recursive self improving???
cm0002 meant it with /s
I don’t know, I can’t tell anymore. I work at Clanker Town, I am knee deep in the braindead, inundated with “ohhh claude code awwww yissss”. Actually, I feel often like I’m nearing the end of a Last Nan Standing type of game and all the rest of humanity has turned into cyber zombies.
So yeah, I might miss this kind of sarcasm. Sorry.
What a fucking headline. Just wow. Care to mention the context and the part where he said it was helpful?
Better get an AI to manage the mailbox then eh /s
Train it exclusively on Linus's entire mailing list history so that it actively insults poor merge requests and code lol.
Linus-AI adds # And fuck nVidia! to the end of every patch.
Hahaha this might just work
This is how many spam filters have worked for a very long time. Using an LLM to help with classification could be a real option.
It wouldn't help with determining which security reports are slop and which are real, though.
Ironically, this is probably the way it is going to go. As we keep going deeper into the information age, managing all the information thrown at us is becoming unmanageable. With the introduction of AI it will get worse, even as AI becomes the only way of handling the influx of information. Using machine learning has been a way to sort information for a long time (spam sorting is a type of AI after all) and present generative AI are an evolution of that.
I dont think thats necessarily true.
FWIW im team "AI can be a useful tool", but on the day when other people's chat bots start emailing my chat bot who summarises it for me im just going to go throw my laptop in the river.
I think Linus has kind of addressed it: if you found it with a tool then we already found it.
Maybe im being naive. IDK. Im so sick of tech just generally.
I call my AI "ctrl-a delGPT"
Actually.. Not a bad idea
Only "almost" so it's still fine. /j
maybe he will finally stop using a fucking mailing list then
It would make it easier for people to find if a bug has already been reported, which is what Torvalds mentions as being a problem.
The mailing list for security vulnerabilities is private, in order to keep zero days a secret before they are patched. This is the issue, not the mailing list. Moving away from mailing lists wouldn't solve this because the vulnerabilities would still have to be private.
@qaz That is right! Looks they need a bugtracker, ideally a bugtracker integrated with the mailing list.
Well, they already use Bugzilla. Although I personally do not find it particularly intuitive to use.
Didn't he say it's okay to submit AI slop code "as long as submitters take responsibility"? Didn't he also say AI writes better code than him?
If this wasn't an invitation to submit slop code PRs, I don't know what it was.
You asked for it and now you have it.
I guess it's time to use AI to manage that mailing list...
Didn’t he also say AI writes better code than him?
Unless I'm mistaken, he said that about Python. He doesn't usually write Python, see the commit message here: torvalds/AudioNoise@4e524250.
A completely false and reductionist interpretation of what he said.