Security researchers have uncovered remote code execution vulnerabilities in both Vim and GNU Emacs using Claude, Anthropic's AI assistant. The Vim vulnerability was promptly fixed by maintainers, who released v9.2.0272 as a security patch. The Emacs team declined to address their reported issue, attributing it to git behavior rather than a security flaw.

This discovery marks a significant shift in vulnerability research methodology. The researchers used simple prompts to identify these zero-days, demonstrating how AI can accelerate bug hunting. The Emacs team's response highlights the ongoing debate about what constitutes a security vulnerability versus expected behavior in software development tools.

The findings launch MAD Bugs (Month of AI-Discovered Bugs), a campaign running through April that will publish additional vulnerabilities uncovered by AI systems. This initiative represents a new frontier in security research, where AI assistants like Claude can identify flaws that human researchers might miss. The Vim fix demonstrates the practical value of AI-assisted security testing, while the Emacs case raises questions about vulnerability disclosure policies and the evolving relationship between AI capabilities and software security practices.