Nebula Security's AI tool VEGA has uncovered a 15-year-old root bug, dubbed GhostLock (CVE-2026-43499), in the Linux kernel. This flaw allowed any user to gain full control of an unpatched system, posing significant security risks.
The bug was pervasive, affecting essentially every mainstream distribution since 2011, requiring no special permissions or network access. Despite the severity, patch availability is uneven; Ubuntu still lists several LTS versions as vulnerable as of early July.
While this discovery highlights the capabilities of modern AI in security research, it also raises questions about oversight and the vulnerabilities that might be lurking in legacy code.
The incident underscores the need for regular audits and rigorous testing. Yet, with thousands of open-source projects and millions of lines of code, the task is monumental and often overlooked by human reviewers alone.
As we rely more on technology, the detection and resolution of such long-standing issues become increasingly critical to maintaining the integrity and security of our digital infrastructure.







