AI Agent Finds Universal Linux Privilege-Escalation in One Hour
A Theori AI scanning agent, handed a single-sentence prompt, discovered CVE-2026-31431 ("copy_fail") in roughly one hour — a 100% reliable local privilege-escalation flaw quietly present in every Linux kernel since 2017. CrowdStrike confirms attackers are actively using it; CISA has added it to the Known Exploited Vulnerabilities catalogue. Every Linux machine running a kernel released since 2017 is affected.
What the Source Actually Says
The bug lives inside the AF_ALG / AEAD ESN crypto interface. AEAD ESN writes four bytes of scratch data into what it believes is a crypto output buffer — but a flaw in the AF_ALG splice function allows that buffer to instead point into the page cache of any readable file on the system. The canonical target is /usr/bin/su, which ships on every Linux distribution and allows running commands as root. A 732-byte Python proof-of-concept exploits this write to gain full root access from any unprivileged local user session.
The AI agent's entire directive was: "Splice can deliver page cache references of read-only files to crypto TX scatter lists, could go look." Approximately one hour of scan time later, the agent had produced a working exploit and a polished disclosure microsite. Theori dropped the PoC publicly on GitHub; Metasploit modules followed within days, and the Linux kernel team traced the root cause to commits from 2015 and 2017.
copy_fail is not remotely exploitable — an attacker needs an existing foothold (SSH session, compromised service) before it becomes relevant. Post-foothold, however, it is trivially reliable, which is why CrowdStrike has already confirmed in-the-wild use against real targets.
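Because the path described above starts with an unprivileged local process opening the AF_ALG crypto interface, one practical detection while hosts are being patched is to audit socket(AF_ALG) calls and alert on any that come from a non-root uid. The script below is an added example written for this article; it is not Theori's proof-of-concept, nor kernel or CrowdStrike code. It assumes an auditd rule such as `-a always,exit -F arch=b64 -S socket -F a0=38 -k af_alg` is producing x86_64 SYSCALL records (where syscall 41 is socket(2), a0 carries the address family in hex, and AF_ALG is 38), and the four log lines embedded in it are constructed samples, not records from any real host.

```python
"""Detect AF_ALG socket creation by unprivileged users in Linux audit logs.

Added example for this article, not Theori's or the kernel project's code.
Assumptions: x86_64 audit records (arch=c000003e) where syscall 41 is
socket(2) and a0 is the address family in hex; AF_ALG is 38 (0x26).
An audit rule such as the following is assumed to be producing the records:
    -a always,exit -F arch=b64 -S socket -F a0=38 -k af_alg
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

SYSCALL_SOCKET_X86_64 = 41   # socket(2) on x86_64
AF_ALG = 38                  # address family of the kernel crypto user-space API
ARCH_X86_64 = "c000003e"     # value auditd prints for 64-bit x86 records

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
_MSG = re.compile(r"audit\((\d+\.\d+):(\d+)\)")

# Constructed sample records; no real host produced these.
SAMPLE_RECORDS = [
    'type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=41 success=yes exit=3 '
    'a0=26 a1=5 a2=0 a3=0 items=0 ppid=2100 pid=2188 auid=1000 uid=1000 gid=1000 euid=1000 '
    'tty=pts0 ses=3 comm="python3" exe="/usr/bin/python3.11" key="af_alg"',
    'type=SYSCALL msg=audit(1700000000.102:502): arch=c000003e syscall=41 success=yes exit=4 '
    'a0=2 a1=1 a2=6 a3=0 items=0 ppid=2100 pid=2190 auid=1000 uid=1000 gid=1000 euid=1000 '
    'tty=pts0 ses=3 comm="curl" exe="/usr/bin/curl" key=(null)',
    'type=SYSCALL msg=audit(1700000000.103:503): arch=c000003e syscall=41 success=yes exit=5 '
    'a0=26 a1=5 a2=0 a3=0 items=0 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 euid=0 '
    'tty=(none) ses=4294967295 comm="cryptsetup" exe="/usr/sbin/cryptsetup" key="af_alg"',
    'type=PROCTITLE msg=audit(1700000000.101:501): proctitle=707974686F6E33',
]


@dataclass
class AfAlgEvent:
    serial: str      # audit event serial, for correlating with PATH/PROCTITLE records
    timestamp: str
    uid: int
    pid: int
    comm: str
    exe: str


def parse_record(line: str) -> dict:
    """Split one audit record into a key/value dict with quotes stripped."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def is_unprivileged_af_alg_socket(fields: dict) -> bool:
    """True for a SYSCALL record of socket(AF_ALG, ...) issued by a non-root uid."""
    # Gate on the arch field so syscall numbers from other ABIs are not misread.
    if fields.get("type") != "SYSCALL" or fields.get("arch") != ARCH_X86_64:
        return False
    try:
        syscall = int(fields.get("syscall", "-1"))
        family = int(fields.get("a0", "-1"), 16)   # auditd prints args as bare hex
        uid = int(fields.get("uid", "-1"))
    except ValueError:
        return False
    return syscall == SYSCALL_SOCKET_X86_64 and family == AF_ALG and uid != 0


def find_af_alg_events(lines: Iterable[str]) -> List[AfAlgEvent]:
    """Return one AfAlgEvent per matching record, in log order."""
    events: List[AfAlgEvent] = []
    for line in lines:
        fields = parse_record(line)
        if not is_unprivileged_af_alg_socket(fields):
            continue
        m = _MSG.search(line)
        ts, serial = (m.group(1), m.group(2)) if m else ("?", "?")
        events.append(AfAlgEvent(serial, ts, int(fields["uid"]),
                                 int(fields.get("pid", "-1")),
                                 fields.get("comm", "?"), fields.get("exe", "?")))
    return events


if __name__ == "__main__":
    for ev in find_af_alg_events(SAMPLE_RECORDS):
        print(f"[audit {ev.serial} @ {ev.timestamp}] uid={ev.uid} pid={ev.pid} "
              f"{ev.comm} ({ev.exe}) opened an AF_ALG socket")
```

Run against the samples, only the python3 process owned by uid 1000 is reported; the root-owned cryptsetup call and the ordinary AF_INET socket are ignored. Expect some baseline tuning on real fleets, since user-space crypto libraries can legitimately use AF_ALG (OpenSSL's afalg engine is one example), so the alert is a lead for triage rather than proof of exploitation. Where the AEAD user-space API is built as the algif_aead module and nothing on the host needs it, a modprobe install rule that refuses to load it removes that code path until the kernel is patched; whether that applies depends on your kernel build and is not something the article states.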
Strategic Take
The economic asymmetry is now legible: universal Linux LPEs trade at $10,000–$7 million on the Crowdfense gray market; an AI agent produced one in under an hour at near-zero cost. For any team running Linux-hosted AI workloads — or laptop-local infrastructure — this is a patch-immediately event. The wider implication: offensive AI tooling has crossed a threshold where a single-sentence prompt plus one hour of compute can equal a seven-figure vulnerability class. Kernel-layer patch hygiene has become an AI-era discipline.