MADBugs

Codex Hacked a Samsung TV

We gave Codex a foothold. It popped a root shell.

Apr 13 • Calif

Claude + Humans vs nginx: CVE-2026-27654

What humans still do when Claude already found the bug.

Apr 10 • Calif

MAD Bugs: Feeding Claude Phrack Articles for Fun and Profit

tl;dr: A teammate gave Claude a Phrack article.

Apr 9

MAD Bugs: Claude Found an Auth Bypass in NSA's Ghidra Server

This bug may resemble a backdoor in effect, but there’s no evidence it was intentional. Really.

Apr 8 • Calif

MAD Bugs: Discovering a 0-Day in Zero Day

Here’s how I used Claude to find and patch a radare2 0-day on my first day at Calif.

Apr 8 • Calif

MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)

To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.

Mar 31 • Calif

MAD Bugs: vim vs emacs vs Claude

We asked Claude to find a bug in Vim. It found an RCE. Just open a file, and you’re owned. We joked: fine, we’ll switch to Emacs. Then Claude found an…

Mar 30 • Calif

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts