惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Microsoft Azure Blog
Microsoft Azure Blog
C
Cisco Blogs
WordPress大学
WordPress大学
H
Hackread – Cybersecurity News, Data Breaches, AI and More
The Cloudflare Blog
小众软件
小众软件
Recent Commits to openclaw:main
Recent Commits to openclaw:main
I
Intezer
Cyberwarzone
Cyberwarzone
T
The Blog of Author Tim Ferriss
博客园 - Franky
F
Fortinet All Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
G
Google Developers Blog
Recent Announcements
Recent Announcements
I
InfoQ
T
Threat Research - Cisco Blogs
V
V2EX
T
Tenable Blog
H
Help Net Security
Cisco Talos Blog
Cisco Talos Blog
T
Tailwind CSS Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
The GitHub Blog
The GitHub Blog
P
Privacy & Cybersecurity Law Blog
A
Arctic Wolf
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
D
DataBreaches.Net
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
D
Docker
T
Tor Project blog
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
H
Heimdal Security Blog
Engineering at Meta
Engineering at Meta
雷峰网
雷峰网
Martin Fowler
Martin Fowler
AWS News Blog
AWS News Blog
IT之家
IT之家
Google DeepMind News
Google DeepMind News
NISL@THU
NISL@THU
Google Online Security Blog
Google Online Security Blog
Vercel News
Vercel News
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
SecWiki News
SecWiki News
GbyAI
GbyAI
P
Proofpoint News Feed
月光博客
月光博客
Schneier on Security
Schneier on Security

The Register - Software: OSes

Fedora: Microsoft is all aboard, but Deepin is dumped Microsoft promises to do better, but it has a long way to go First big Microsoft update after vow to 'win back fans' Who needs ghost train scares when Windows is such a fright? Microsoft boss tells investors the company is working to 'win back fans' Microsoft boss says company is working to 'win back fans' Linux cryptographic code flaw offers fast route to root Fedora 44 is out – countless versions of it Microsoft sets its sights on the past with 86-DOS and PC-DOS Microsoft updates the Windows Update Experience Windows second-chance setup hurts IT, productivity Ubuntu Resolute Raccoon drops Xorg, keeps X11 apps alive More ancient Linux device support facing the ax WSL9x hacks Linux into ancient Windows 9x systems UK tribunal sends £2B claim accusing Microsoft of overcharging for licensing to trial Zorin OS 18.1 released - and the Lite edition reappears Task Manager's CPU%: an obituary for the recent past Linux 7.1 will have an optional new NTFS driver Microsoft releases Windows Server update to fix April update 20-year-old Enlightenment E16 bug finally gets patched 20-year-old Enlightenment E16 bug finally gets patched Raspberry Pi OS ends open-door policy for sudo Firefox Nightly adds Web Serial after years of saying no Windows Update: Torture chamber for seldom-used PCs Windows Update: Torture chamber for seldom-used PCs Notepad loses Copilot icon as Microsoft gives subtlety a try Notepad loses Copilot icon as Microsoft gives subtlety a try Microsoft attempts to untangle Windows Insider program Adobe finally patches PDF pest after months of abuse NHS pays £46K to prep next Microsoft licensing round Linux 7.0 debuts as Linus Torvalds ponders AI's impact Linux 7.0 debuts as Linus Torvalds ponders AI's impact Red Hat RHELocates its Chinese engineering team to India Showing the Windows 10 desktop was the yeast they could do Apple's chips are winners, but Windows fails help it most The end of Linux i486 support looks nigh The end of Linux i486 support looks nigh Windows asks a networking question on a Stratford billboard Some 'broken by update' PCs were already doomed SystemRescue 13 lands with Linux 6.18 and bcachefs support Memo: Red Hat Global Engineering plans to lean in to AI Microsoft plans another out-of-band Windows fix Ubuntu beta arrives with GNOME 50, sans Google Drive support Ubuntu beta arrives with GNOME 50, sans Google Drive support Microsoft pulls Windows update after installation problems Microsoft pulls Windows update after installation problems Microsoft cracks down on old Windows kernel drivers Microsoft cracks down on old Windows kernel drivers How Windows 95 fought off badly behaved installers Open source isn't a tip jar – it's time to charge for access Age checks creep into Linux as systemd gets a DOB field Systemd-free antiX 26: Debian 13, in bonsai form Systemd-free antiX 26: Debian 13, in bonsai form Windows boss promises to heal the operating system's wounds Windows boss promises to heal the operating system's wounds Smart TVs and voice assistants are the next gatekeepers Microsoft releases emergency fix for account internet error Microsoft releases emergency fix for account internet error Microsoft: Removing some Copilots will improve Windows 11 WSL, WINE updates speed cross-OS app performance MS update kills Microsoft account sign-ins in Windows 11 GNOME 50 debuts with X11 axed, Wayland front and center Microsoft publishes a workaround for Samsung's C:\ drive woes Systemd 260 kills SysV, tells AI not to misbehave Out-of-band getting out of hand as Microsoft pushes hotpatch for Bluetooth Microsoft pushes out-of-band hotpatch for Bluetooth Big moves in Linux filesystems as new bcachefs lands and KDE adds support for Apple's APFS Age verification isn't sage verification when it's inside operating systems Age verification isn't sage verification inside OSes Microsoft points at Samsung after Galaxy app bug locks users out of C:\ RAM is getting expensive, so squeeze the most from it Nanny state vs. Linux: show us your ID, kid Smart mirror shows dumb Windows in elevator Microsoft adding Xbox mode to Windows 11 – even the Professional edition DR-DOS rises again – rebuilt from scratch, not open source Hotpatching goes default in Windows Autopatch whether you like it or not Hotpatching goes default in Windows Autopatch Linux PC vendor System76 tries to talk Colorado down over OS age checks System76 tries to talk Colorado down over OS age checks US state laws push age checks into the operating system Microsoft finally gets around to fixing Windows 10 Recovery Environment after breaking it in October BunsenLabs Carbon keeps the CrunchBang flame alive with Debian 13 Bootleg Windows, Office scheme crashes, triggers 22-month lockup for Florida woman
Linux kernel czar says AI bug reports aren't slop anymore
2026-03-26 · via The Register - Software: OSes

INTERVIEW I was at a press luncheon at KubeCon Europe this week when, to my surprise, who should sit down next to me but long-term Linux kernel maintainer Greg Kroah-Hartman. Greg, who lives in the Netherlands these days, was there to briefly comment on AI, Linux, and security. We spoke about how, over the last month, AI-driven activity around Linux security and code review has "really jumped" in a way no one in the open source world saw coming.

"Months ago, we were getting what we called 'AI slop,' AI-generated security reports that were obviously wrong or low quality," he said. "It was kind of funny. It didn't really worry us." Of course, there are many Linux kernel maintainers, so for them, AI slop isn't as burdensome as it is for, say, Daniel Stenberg, founder and lead developer of cURL, where AI slop reports caused the cURL team to stop paying bug bounties.

Things have changed, Kroah-Hartman said. "Something happened a month ago, and the world switched. Now we have real reports." It's not just Linux, he continued. "All open source projects have real reports that are made with AI, but they're good, and they're real." Security teams across major open source projects talk informally and frequently, he noted, and everyone is seeing the same shift. "All open source security teams are hitting this right now."

REG AD

No one is quite sure what's behind it. Asked what changed, Kroah-Hartman was blunt: "We don't know. Nobody seems to know why. Either a lot more tools got a lot better, or people started going, 'Hey, let's start looking at this.' It seems like lots of different groups, different companies." What is clear is the scale. "For the kernel, we can handle it," he said.

REG AD

"We're a much larger team, very distributed, and our increase is real – and it's not slowing down. These are tiny things, they're not major things, but we need help on this for all the open source projects." Smaller projects, he implied, have far less capacity to absorb a sudden flood of plausible AI-generated bug reports and security findings – at least now they're real bugs and not garbage ones.

Behind the scenes, security teams are comparing notes. "We get together informally and talk a lot, because we all have the same problems," he said. "There must have been some inflection point somewhere with the tools. Did the local tools get better? Did people figure out something? I honestly don't know."

For now, AI is showing up more as a reviewer and assistant than as a full author of Linux kernel code, but that line is starting to blur. Kroah-Hartman has already done his own experiments with AI-generated patches.

"I did a really stupid prompt," he recounted. "I said, 'Give me this,' and it spit out 60: 'Here's 60 problems I found, and here's the fixes for them.' About one-third were wrong, but they still pointed out a relatively real problem, and two-thirds of the patches were right." Mind you, those working patches still needed human cleanup, better changelogs, and integration work, but they were far from useless. "The tools are good," he said. "We can't ignore this stuff. It's coming up, and it's getting better."

Developers are starting to acknowledge AI's role in actual submissions. "We're seeing some patches being generated," Kroah-Hartman said. "You have a little co-develop tag for that now. We're seeing some things for some new features, but we're seeing AI mostly being used in the review."

Asked whether he could imagine a near-future where most of the work on simple changes comes from AI, he said that for "simple little error conditions, properly detecting error conditions," AI could already generate dozens of usable patches today.

The sudden increase in AI-generated reports and AI-assisted work has also spurred a parallel push to build AI into the kernel's own review infrastructure. A key piece of that is Sashiko, a tool originally developed at Google and now donated to the Linux Foundation.

"We need to be able to have an easy way to review some of these patches that come in ways that cut down on our load." The tool is "out there, running on almost all kernel patches," he said. "You can see it publicly. We're integrating it into our review tools. It's available for anybody to use."

REG AD

That work builds on earlier efforts inside specific subsystems. "The networking and the BPF people have been doing LLM-generated reviews for a while," said Kroah-Hartman. "The Direct Rendering Manager (DRM) people and now Google's tool are pulling all those into one common interface," he explained. "Different subsystems are adding better skills or prompts – for storage, here are the things you need to look for; for graphics, here are the things you need to look for. People are contributing in a public place for that, which is how it should be. This is very good."

Kroah-Hartman credited longtime kernel developer Chris Mason, now at Meta, with pioneering AI-based review workflows. Mason has been running AI review for eBPF and networking for some time. The systemd project is also using the same class of tools for its all-C codebase.

AI reviewers, he stressed, are additive rather than authoritative. "On the review side, it's generating some good reviews. It doesn't get you everything. Some things are still wrong. But it does point out a lot of the obvious things," he said.

One of the biggest immediate wins is turnaround time. When an AI reviewer flags obvious problems, submitters get feedback long before a human maintainer would realistically read the patch. "If I see it respond to something, it gives feedback to the submitter faster than the maintainer had a chance to, which is nice," Kroah-Hartman said. "We have a number of bots that run on patches as it is. If I see those fail, I just know I don't even need to look at that as a maintainer. And it gives the developer, 'Oh, I can go do another version tomorrow,' which helps increase the feedback a little better."

Still, as AI-generated reports and patches grow, so does the review burden. "It's more reviews; it's more stuff we have to review for the kernel," he said. That's why efforts with the OpenSSF and its Alpha-Omega program matter. "We're working to try and create tools to help make it easier for maintainers to handle this incoming feed and deal with it."

A recurring theme for Kroah-Hartman is equity of access. Until recently, only well-resourced subsystems could afford to run heavy AI tooling at scale. Turning Google's review system into a Linux Foundation project is meant to change that.

"That's this one tool that we have for the review," he said. "It's one tool as an example of how now, as an LF project, we're giving access to everybody. Before, it was just the subsystems that had the resources to run it on the back end. Right now, we're giving it to everyone." Work is already underway to make it usable beyond the kernel's own infrastructure.

That matters because, as Kroah-Hartman keeps emphasizing, the AI wave is not just a kernel problem. "All open source projects have real reports that are made with AI," he said. "Our increase is real, and it's not slowing down. These aren't major things, but we need help on this for all the open source projects."

REG AD

For Linux, the relationship with AI is already evolving past theory and into practice. It's a mixed blessing. AI is simultaneously a new source of real vulnerabilities that strains human reviewers who must deal with them, while also helping to manage that strain.

The trick for Kroah-Hartman and his peers will be to keep AI as a force multiplier, without drowning the open source maintainers. ®