One AI tool unearthed a critical vulnerability hidden in Linux for 15 years, while another, due to a misrecorded number, led to four police cars surrounding an innocent journalist as if he were a stolen vehicle suspect.
"Do you have a gun? Get out of the car!"
On an ordinary Sunday afternoon, auto journalist Joel Feder drove a $155,000 Range Rover to return it. He had just backed out of his parking spot about two feet when four police cars sped in from all directions, surrounding him and his wife.
The police had their hands on their holsters, on high alert.

12:21 PM, June 28, 2026. Police bodycam footage captured the moment Feder was boxed in. His license plate was misidentified by the Flock system as a stolen plate. (Source: Joel Feder / Instagram)
Officers jumped out of their cars, shouting at him. Given how quickly such situations can escalate, Feder had no choice but to comply, raising his hands and stepping out of the vehicle.
He had become a car theft suspect.
But he hadn't stolen any car. What turned him into a suspect was a simple data entry error 2,000 miles away, amplified by a never-resting network of AI-powered cameras.
Almost simultaneously, another AI was helping humans uncover a critical vulnerability hidden in the Linux kernel for a full 15 years, affecting nearly all distributions.
Both involve "pattern recognition, automated judgment, triggering action." One AI is helping humans patch leaks; the other nearly harmed a person. This is the story we're telling today.
AI Uncovers a 15-Year-Old Vulnerability, Gains Root in 5 Seconds
First, the story of AI helping humans patch a leak.
Recently, security company Nebula Security disclosed that their AI-powered vulnerability discovery tool, VEGA, found a Linux kernel vulnerability codenamed GhostLock (CVE-2026-43499).

July 7, 2026, Nebula Security publicly released a technical report on GhostLock (CVE-2026-43499), stating it was discovered by the AI tool VEGA and affects almost all Linux distributions since 2011. (Source: Nebula Security)
This vulnerability had lain dormant for 15 years.
Introduced in 2011, nearly every mainstream Linux distribution since then has included it by default, yet it remained undetected.
This means countless servers, cloud instances, and containers running worldwide had this ticking time bomb at their foundation.
How easy is it to trigger? An attacker needs no special privileges or unusual configurations. Using ordinary thread calls, they can escalate step-by-step to the highest privileges (root) and even escape containers.
Nebula crafted a 97% reliable privilege escalation chain from it. On a test machine, it takes about 5 seconds to go from a regular user to root. For this achievement, Google's KernelCTF awarded them $92,337.
"GhostLock (CVE-2026-43499) privilege escalation demo: A regular user runs the exploit program; seconds later, the terminal echoes uid=0 (root), granting highest privileges. (Video source: Nebula Security)"
This vulnerability is hidden in the Linux kernel's lock management mechanism. In simple terms, the kernel "misidentifies a person."
An analogy: There's a cleanup function in the kernel called remove_waiter(), responsible for one thing: when a thread waits in line for a lock, either gets it, or gives up, it cleans up the queuing record it left behind.
Initially, it only considered the simplest case—the one who queued up must be the one to clear the record. So it always assumed "the thread currently at the window is the one to be cleared," and acted on the "current thread."
In the era of "queue yourself, clear yourself," this assumption never caused issues.
But later, the kernel introduced a new mechanism: one thread could queue on behalf of another thread that was "sleeping"—meaning it was suspended while waiting for a lock, yielding the CPU, waiting to be awakened.
The trouble arises here: the actual queuing thread is asleep, and the one at the window clearing the record is actually a "proxy."
The cleanup function still operates with the old logic, clearing the record of the "proxy" thread but leaving the actual queuing, sleeping thread untouched.
The problem is, the sleeping thread still holds a note saying "my queuing information is here." This note points to a small piece of its temporary memory (the "stack," which is reclaimed after the thread finishes using it).
Once it wakes up and returns from the system call, this memory is immediately reclaimed and overwritten by other data. But that note still exists, still pointing to this now-repurposed memory.
This is the so-called dangling pointer: a pointer still trusted but pointing to "freed and repurposed" memory. Use-after-free vulnerabilities stem from this.

GhostLock exploit chain diagram: Three threads (waiter, owner, consumer) create a deadlock cycle, triggering -EDEADLK rollback, leaving a dangling pointer; the attacker then forges kernel structures to achieve controlled writes, ultimately hijacking control flow to gain root. (Source: Nebula Security)
More ironically, the kernel's own security checking mechanism, lockdep, completely missed it.
The reason is simple: lockdep only checks "is anyone holding this lock?" but does not check "does this lock belong to the thread you're supposed to clean up for?"
The lock is correct, the thread is wrong, and the check passes.
This misuse from over a decade ago was amplified step-by-step, eventually leading to complete control of the entire machine.
After obtaining the dangling pointer, an attacker can spray forged data into the freed memory it points to, tricking the kernel into treating it as a legitimate structure. This allows controlled writes, hijacking kernel function tables, and ultimately obtaining root.
Although this time an AI-assisted tool helped human researchers find this dormant blind spot, it reveals a startling reality:
Issues that once required top experts to read code line-by-line and rely on intuition to potentially discover are now being unearthed en masse by automated tools.
Throughout 2026, a series of Linux privilege escalation vulnerabilities have been exposed, many of which were found by automated tools.
They are almost all hidden in the oldest, most used, yet long-unreviewed corners of the kernel, lying quietly undisturbed.
AI Turns a Typo into a Nationwide Manhunt
Back to Feder's ordeal in the parking lot.
Afterwards, he pieced together the cause. The actual stolen license plate reported was 34 03 DTM. But when it was entered into the national stolen vehicle database (NCIC), the small-font "03" in the middle was omitted, recorded only as 34 DTM.
Missing just two digits set everything off course.
Feder's test vehicle plate was 34 10 DTM. Due to the special format of New Jersey manufacturer plates, the middle digits are in an extremely small font. Flock's AI camera didn't read the small number, only recognizing "34 DTM," and began alerting police departments along its route.

Footage from a Flock camera shown by police, reading the plate as 34 10 DTM, with the middle "10" in extremely small font. The system only recognized "34 DTM" and triggered the alert. (Source: Joel Feder / The Drive)
Flock cameras scan approximately 20 billion license plates per month.
A simple typo from Los Angeles was thus amplified by a nationwide automated recognition network, relayed from California to Minnesota, culminating in four police cars, a drone, and an hour of tense confrontation. Police kept their hands on their holsters the entire time but never drew their weapons.
What's more, police told Feder that week, four other vehicles with the same manufacturer plate format in Minnesota were also being tracked; he was just the first one police managed to box in.
As they left, an officer remarked, "You're lucky this happened in Plymouth. If it were Minneapolis, they would have definitely drawn their guns and rushed you."
"People make mistakes, that's normal," Feder said later. "But it was amplified by a nationwide surveillance system."
He also wrote that cameras on traffic lights are tracking our cars, our devices, our pets, even ourselves, and this is just the beginning. The next step might be installing them on school buses.
Whether you stole a car or not is irrelevant. Once these systems target you, things only move in one direction.
Feder's words serve almost as a footnote for the entire era of AI security.
It Can Find Mistakes Faster Than Humans, and Cause Trouble Faster Too
Looking at these two stories together, the stark contrast prompts deep thought.
On one hand, AI discovered a vulnerability humans missed for 15 years, making the world safer. On the other, AI amplified a data entry error, pushing an innocent person into the spotlight of four police cars.
Yet the underlying logic is the same. The difference lies solely in the input.
In the GhostLock story, the AI read real kernel code and unearthed a real problem. In the Flock story, the input the AI received was wrong from the start, and it faithfully executed that error, faster and more widely than any human officer ever could.
Therefore, the blame for the Flock incident cannot be simply attributed to "AI making a mistake."
The wrong input was entered by a human; the necessary human review was omitted by humans. The AI merely executed the consequences of these two oversights with machine speed and scale, magnifying them.
It's like a multiplication sign. The sign itself isn't wrong, but if the number preceding it is negative, the result becomes exponentially worse.
What's truly unsettling is that Feder's experience is quietly repeating in more and more domains.
The Biggest Vulnerability of the AI Era Might Not Be in the Code
Today, AI is squeezing into high-stakes decision chains like security, law enforcement, and finance.
It truly can find vulnerabilities humans miss—that's real capability. But it also scales human errors—that's real risk.
These two things are two sides of the same coin.

A Flock license plate recognition camera mounted on a pole above a traffic light intersection, with a black solar panel behind it. Such devices are already deployed in thousands of communities across the US. (Source: Frank W. Lewis/Signal Cleveland)
The GhostLock story tells us AI already has the potential to surpass human line-by-line review. Future vulnerability hunting may no longer rely on humans reading code line-by-line.
Flock represents the opposite: it reminds us that the crucial checkpoint of human review in critical systems cannot be omitted, not a single one.
The real question isn't whether AI will make mistakes—it certainly will—but whether, when it does, there's still a human who can step in and say stop.
The biggest vulnerability of the AI era might no longer be in the code, but in the moment we hand over the final judgment call.
References:
https://nebusec.ai/research/ionstack-part-2/
https://www.thedrive.com/news/how-flock-cameras-wrongly-tracked-me-for-days-over-stolen-plates-and-sent-police-after-me
https://www.untempled.com/guilhermen/art/ai-found-a-secret-computer-bug-hidden-for-15-years-plus-why-cops-chased-a-reporter-over-a-typo-cmrgwcw7o0001ky04qu4ubln8
This article is from the WeChat public account "新智元" (New Zhiyuan), author: ASI启示录 (ASI Revelation)








