Greg Kroah-Hartman: Rust will save Linux from AI-discovered bugs
13 CVEs a day—Linux kernel maintainer says Rust cuts 60% of security flaws at compile time.
Get AI news that actually matters
One email a day. Zero fluff. Join 10,000+ professionals.
At Rust Week 2026 in Utrecht, Linux stable kernel maintainer Greg Kroah-Hartman delivered a stark message: Rust will save Linux from an onslaught of AI-discovered security bugs. He revealed that the kernel team now processes roughly 13 CVEs per day, driven by new AI bug-detection tools uncovering decades-old issues like Dirty Frag, Copy Fail, and Fragnesia. Kroah-Hartman argued that most kernel vulnerabilities stem from C's manual memory and lock management—bugs he called 'tiny, minor stuff' like unchecked pointers and forgotten unlocks. Rust, he said, catches those errors at build time rather than review time, directly eliminating an estimated 60% of kernel security flaws.
Kroah-Hartman highlighted Rust's locking abstractions, where the compiler enforces correct access patterns automatically. Even if Rust disappeared tomorrow, he noted, its principles have already forced improvements in C code, such as scoped locks and guards inspired by Rust's design. With over 5,000 developers but only 700 maintainers, review time is the scarcest resource—Rust makes correctness obvious at a glance. 'This is the best thing ever,' he said, crediting the Rust community for making Linux safer and more maintainable.
- Greg Kroah-Hartman says Rust will save Linux from AI-discovered security flaws like Dirty Frag and Copy Fail.
- Rust's compile-time checks eliminate 60% of kernel bugs—especially memory and lock errors that cause CVEs.
- Rust's influence has already improved C code in Linux via scoped locks and guards, reducing review burden for maintainers.
Why It Matters
Linux kernel security is under siege from AI-driven bug discovery; Rust offers a proven path to reduce CVEs by 60%.