RSS

Linux Maintainer Greg Kroah-Hartman Says AI Tools Now Useful, Finding Real Bugs

root-parent1 pts0 comments

Linux kernel czar says AI bug reports aren't slop anymore

Jump to main content

Search

REG AD

AI + ML

AI bug reports went from junk to legit overnight, says Linux kernel czar

Greg Kroah-Hartman can't explain the inflection point, but it's not slowing down or going away

Steven J. Vaughan-Nichols

Steven<br>J. Vaughan-Nichols

Published<br>thu 26 Mar 2026 // 13:40 UTC

INTERVIEW I was at a press luncheon at KubeCon Europe this week when, to my surprise, who should sit down next to me but long-term Linux kernel maintainer Greg Kroah-Hartman. Greg, who lives in the Netherlands these days, was there to briefly comment on AI, Linux, and security. We spoke about how, over the last month, AI-driven activity around Linux security and code review has "really jumped" in a way no one in the open source world saw coming.

"Months ago, we were getting what we called 'AI slop,' AI-generated security reports that were obviously wrong or low quality," he said. "It was kind of funny. It didn't really worry us." Of course, there are many Linux kernel maintainers, so for them, AI slop isn't as burdensome as it is for, say, Daniel Stenberg, founder and lead developer of cURL, where AI slop reports caused the cURL team to stop paying bug bounties.

Linus Torvalds and friends tellThe Reghow Linux solo act became a global jam session

Read more

Things have changed, Kroah-Hartman said. "Something happened a month ago, and the world switched. Now we have real reports." It's not just Linux, he continued. "All open source projects have real reports that are made with AI, but they're good, and they're real." Security teams across major open source projects talk informally and frequently, he noted, and everyone is seeing the same shift. "All open source security teams are hitting this right now."

REG AD

No one is quite sure what's behind it. Asked what changed, Kroah-Hartman was blunt: "We don't know. Nobody seems to know why. Either a lot more tools got a lot better, or people started going, 'Hey, let's start looking at this.' It seems like lots of different groups, different companies." What is clear is the scale. "For the kernel, we can handle it," he said.

REG AD

"We're a much larger team, very distributed, and our increase is real – and it's not slowing down. These are tiny things, they're not major things, but we need help on this for all the open source projects." Smaller projects, he implied, have far less capacity to absorb a sudden flood of plausible AI-generated bug reports and security findings – at least now they're real bugs and not garbage ones.

Behind the scenes, security teams are comparing notes. "We get together informally and talk a lot, because we all have the same problems," he said. "There must have been some inflection point somewhere with the tools. Did the local tools get better? Did people figure out something? I honestly don't know."

For now, AI is showing up more as a reviewer and assistant than as a full author of Linux kernel code, but that line is starting to blur. Kroah-Hartman has already done his own experiments with AI-generated patches.

"I did a really stupid prompt," he recounted. "I said, 'Give me this,' and it spit out 60: 'Here's 60 problems I found, and here's the fixes for them.' About one-third were wrong, but they still pointed out a relatively real problem, and two-thirds of the patches were right." Mind you, those working patches still needed human cleanup, better changelogs, and integration work, but they were far from useless. "The tools are good," he said. "We can't ignore this stuff. It's coming up, and it's getting better."

Developers are starting to acknowledge AI's role in actual submissions. "We're seeing some patches being generated," Kroah-Hartman said. "You have a little co-develop tag for that now. We're seeing some things for some new features, but we're seeing AI mostly being used in the review."

Asked whether he could imagine a near-future where most of the work on simple changes comes from AI, he said that for "simple little error conditions, properly detecting error conditions," AI could already generate dozens of usable patches today.

The sudden increase in AI-generated reports and AI-assisted work has also spurred a parallel push to build AI into the kernel's own review infrastructure. A key piece of that is Sashiko, a tool originally developed at Google and now donated to the Linux Foundation.

"We need to be able to have an easy way to review some of these patches that come in ways that cut down on our load." The tool is "out there, running on almost all kernel patches," he said. "You can see it publicly. We're integrating it into our review tools. It's available for anybody to use."

REG AD

MORE CONTEXT

Nanny state discovers Linux, demands it check kids' IDs before booting

Open source devs consider making hogs pay for every download

Workaholic open source developers need to take breaks

OK, so Anthropic's AI built a C compiler. That don't impress me...

linux said kernel reports kroah hartman

Related Articles

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

German ruling declares Google liable for false answers in AI Overviews

ahlCVA15 ptsgoogle court search overviews content users

Britain Became as Poor as Mississippi

SanjayMehta15 ptsbritain mississippi next financial crisis self
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.