Copy Fail / Dirty Frag: Learning the Lessons of Tomorrow Today
TL;DR: The past week was an AI-empowered security disruption that was built on capabilities already surpassed. Reflect on your Copy Fail and Dirty Frag response while it's fresh. Flag every extraordinary effort, every gap. Design tomorrow's response like you'll need to do this every day. You will.

Copy Fail (CVE-2026-31431) is a Linux kernel local privilege escalation: an unprivileged local user to root, immediate, on all major distributions. CISA added it to their Known Exploited Vulnerabilities (KEV) catalog two days after disclosure, the agency's clearest signal that a vulnerability is being actively exploited and needs immediate attention, with a May 15 federal remediation deadline. Before that deadline closed, Dirty Frag dropped: a chained exploit (CVE-2026-43284, CVE-2026-43500) extending the same bug class, bypassing the Copy Fail mitigation entirely, public PoC, no patch at disclosure. Same capability. Not on the KEV catalog. Both were found using AI-assisted r...