
AI Fuels Shift in Linux Vulnerability Handling

Hacker News

A week ago the Copy Fail vulnerability surfaced, prompting Hyunwoo Kim to release a patch within hours. Following Linux’s norm, he first shared the fix with a closed roster of security engineers, keeping the severity hidden. The goal was to let the kernel team address the flaw quietly while the public stayed in the dark until an embargo lifted today.

When a third party spotted the change, the patch went public, revealing the vulnerability’s details. This clash exposes the tug-of-war between the coordinated-disclosure model (90-day windows for vendors to patch) and the “bugs are bugs” Linux ethos, which urges immediate, low-profile fixes. AI now speeds both discovery and notification, shrinking the window between detection and exposure.

Short embargoes, barely a few hours, may become the new norm as AI tools like Gemini 3.1 Pro, ChatGPT-Thinking 5.5, and Claude Opus 4.7 can instantly flag security patches in diffs. In a test, Gemini correctly identified a fix, GPT leaned toward it, and Claude hesitated. The takeaway: as automated scanners flood the pipeline, the only viable strategy is to cut embargoes and let defenders react faster.