May 25, 2026

Linus Torvalds Bans Non-Urgent Private Disclosures and Rejects AI Regressions in Linux 7.1-rc5

Linus Torvalds has restricted private vulnerability disclosures to urgent trust-boundary violations and blocked late-cycle AI-authored patches in Linux 7.1-rc5, responding to a flood of duplicated bug reports that threaten maintainer sanity and release stability.

Photo: Kevin Horvat / Unsplash

Linus Torvalds restricted private vulnerability disclosures to urgent trust-boundary violations and rejected late-cycle AI regressions in Linux 7.1-rc5, as AI-generated bug reports flood the kernel security mailing list with pointless churn. The move formalizes a break in the old workflow: automation is discovering and creating flaws faster than humans can triage them.

The disclosure mandate

The kernel project updated its security-bugs documentation to draw a hard boundary around private communication channels. Private disclosure is now reserved exclusively for issues that are easily exploitable and cross trust boundaries. Any flaw identified via AI tooling must be tracked publicly. Torvalds described the current influx of AI-generated reports as "pointless churn" that diverts maintainers away from writing code. The policy targets the duplication inherent in mass-scanning agents, which often generate identical findings from different prompts or models, clogging the mailing list without adding value.

Restricting private disclosure to trust-boundary violations forces transparency. Historically, vendors hid minor flaws to manage reputation during quiet patch windows. By limiting privacy to high-confidence, exploitable breaches, the kernel removes the option to suppress routine findings. This aligns with the reality that AI scanners produce massive volumes of overlapping results; keeping them private would create parallel tracking nightmares across hundreds of distributions. Public tracking ensures duplicates merge automatically and maintainers see the true scope of a class of defects.

Meanwhile, the release cycle continues to absorb the useful output of these tools. Linux 7.1-rc5, released May 24, 2026, contains numerous driver and security fixes authored by AI coding agents including GitHub Copilot and Claude Code. However, Torvalds simultaneously rejected late-cycle merges he classified as irrelevant regressions, proving that the distinction between helpful automation and disruptive noise remains difficult to automate. The kernel tree accepts generated improvements early but draws a firm line against unvetted changes arriving near freeze.

The signal-to-noise ratio

The tension extends beyond process complaints into active security gaps. High-profile local privilege escalation flaws continue to surface years after introduction, revealing how automated discovery and human patching operate on mismatched timelines. Qualys recently disclosed CVE-2026-46333, a logic error in __ptrace_may_access() present since November 2016 that allows unauthenticated local users to escalate to root on Debian 13, Ubuntu 24.04/26.04, and Fedora 43/44. Similarly, Theori's AI pentesting suite Xint detected CVE-2026-31431, known as "Copy Fail," a kernel flaw affecting versions dating back to 2017 that CISA quickly added to its Known Exploited Vulnerabilities catalog.

Both flaws required pre-existing local access or authentication to trigger, framing them as local privilege escalations rather than remote zero-click exploits. Yet their persistence highlights systemic lag. CISA acting director Nick Andersen noted that traditional vulnerability management cannot match the "speed, scale and velocity of vulnerability discovery to weaponization," pointing to pervasive technical debt across public and private sectors. Agencies and enterprises sit on fleets of machines running older kernels because testing and deploying patches cannot keep pace with the expanding attack surface.

An opinion analysis linked to CalcalisTech further illustrates the disparity, claiming Anthropic's Project Glasswing uncovered over 10,000 critical flaws in a single month, yet only 75 of 6,200 open-source discoveries received patches. While these aggregate metrics remain unverified pending primary vendor data, the pattern holds: discovery scales effortlessly, remediation does not. The gap between identifying a defect and applying a validated fix widens as tooling improves, leaving organizations exposed to weaponized variants of long-standing bugs.

Our read

The kernel community is facing a structural capacity problem. Maintainer burnout accelerates as triage bandwidth shifts from mitigating high-risk exploits to filtering automated noise. Every duplicated report consumes review minutes that could address genuine regressions or upstream features. As AI tools lower the barrier to generating vulnerability reports, the cost of false positives approaches zero, making the relative cost of human verification explode.

Security vendors built around manual discovery or static scanning face immediate margin compression. Detection becomes a commodity when every major model can scan the same attack surface simultaneously. Competitive advantage will increasingly depend on automated remediation orchestration—the ability to validate, prioritize, and apply fixes without drowning downstream teams in alerts. Organizations already wrestling with autonomous AI coding hitting the governance wall will find themselves managing the same dynamic on the security side.

Federal agencies are signaling that voluntary disclosure and slow patch cycles are structurally inadequate. Expect tighter regulatory expectations for open-source dependency mapping and enforced remediation SLAs within the next 12 months. Companies relying on legacy supply chain visibility will struggle to meet audit requirements when thousands of undiscovered flaws exist in their dependencies. The path forward requires shifting investment toward ServiceNow's approach of selling the layer above AI coding, where centralized control replaces fragmented scanning.

Until organizations build systems that can govern machine-generated code and code-generated vulnerabilities, the window for exploitation will widen regardless of who finds the bugs first. The kernel project has forced a reset: if AI generates the noise, humanity must enforce the discipline, or the entire stack degrades.


Reporting from CybersecurityNews, Phoronix, Cyberscoop and IT News Australia.
