While announcing the fourth release candidate for Linux kernel 7.1, Linux head Linus Torvalds had some interesting words to say about AI.
Torvalds appears to be quite a fan of AI, and we've seen a recent wave of security issues affecting the Linux kernel to the point that they're getting a bit spammed by people using various AI tools to track down issues - often issues that have already been reported.
Here's what Torvalds had to say:
You all know the drill by now - another week, another release candidate.
Things continue to look fairly normal (where "normal" is the "new normal" with a fair amount of changes). Drivers are about half the patch, with GPU leading the way as is tradition. But there's a little bit of everything in driver land.
The rest is mostly networking, core kernel, filesystems, and arch updates.
Some of the documentation updates might be worth highlighting: the continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools. People spend all their time just forwarding things to the right people or saying "that was already fixed a week/month ago" and pointing to the public discussion.
Which is all entirely pointless churn, and we're making it clear that AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved - and only makes that duplication worse because the reporters can't even see each other's reports.
AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make-believe work. Feel free to use them, but use them in a way that is productive and makes for a better experience.
The documentation may be a bit less blunt than I am, but that's the core gist of it. So just to make it really clear: if you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on *top* of what the AI did. Don't be the drive-by "send a random report with no real understanding" kind of person. Ok?
You can see some of the new documentation online via kernel.org. This is up to date with the new AI-related documentation that has been added including the subjects of AI assistance and responsible use of AI to find bugs.
Linux kernel 7.1 is due for release sometime later in June 2026.
Article taken from GamingOnLinux.com.
See more from me
You can also find comments for this article on social media: 
the continued flood of AI reports has basically made the security list almost entirely unmanageable
AI tools are great... Feel free to use them...🤔
AI tools are great, [...] but use them in a way that is productive and makes for a better experience.Some imho very true and well said statements. Though I think it's still not AI, just very sophisticated software that's really really good at guessing words and giving a good impression of being smart. AI is just the buzz word for LLMs.
[...]
If you actually want to add value, [...] add some real value on *top* of what the AI did. Don't be the drive-by "send a random report with no real understanding" kind of person. Ok?
Nonetheless, these tools can be really helpful. Like with any other tools, you need to learn how to use them. They can code, if it's good code, you need to understand what it produced. Back then we needed to learn how to google, which search words gave the answers we were looking for. This hasn't changed, today we need to learn how to prompt. Fooling an LLM is easy and even funny the first time. It can give you the right answer though too, if you know how to ask it properly. And reading code is easier and faster than writing code by hand. So using these tools can be helpful, if done properly. They won't replace creatitvity or create ideas. At best they can reproduce or mix something existing differently together. It can be good and maybe even a starting point, yet it will always need real humans to decide if it's useful and good.
What's apparently happening now is... hey I (= my AI that I prompted) found something! Look at me, give me credits! Getting attenting for the low hanging fruits. It always works in the very beginning, and will be consolidated over time. New technology creates new challenges, eventually the benefits will emerge out of this.
A thought that came up reading about the sheer amount of reports incoming reports was... maybe they should use LLMs to sort out the duplicates 😆
Last edited by Corben on 18 May 2026 at 9:55 am UTC
Quoting: CorbenThe sorting problem should be solvable with boring old testing suites, with CVE-access.AI tools are great, [...] but use them in a way that is productive and makes for a better experience.Some imho very true and well said statements. Though I think it's still not AI, just very sophisticated software that's really really good at guessing words and giving a good impression of being smart. AI is just the buzz word for LLMs.
[...]
If you actually want to add value, [...] add some real value on *top* of what the AI did. Don't be the drive-by "send a random report with no real understanding" kind of person. Ok?
Nonetheless, these tools can be really helpful. Like with any other tools, you need to learn how to use them. They can code, if it's good code, you need to understand what it produced. Back then we needed to learn how to google, which search words gave the answers we were looking for. This hasn't changed, today we need to learn how to prompt. Fooling an LLM is easy and even funny the first time. It can give you the right answer though too, if you know how to ask it properly. And reading code is easier and faster than writing code by hand. So using these tools can be helpful, if done properly. They won't replace creatitvity or create ideas. At best they can reproduce or mix something existing differently together. It can be good and maybe even a starting point, yet it will always need real humans to decide if it's useful and good.
What's apparently happening now is... hey I (= my AI that I prompted) found something! Look at me, give me credits! Getting attenting for the low hanging fruits. It always works in the very beginning, and will be consolidated over time. New technology creates new challenges, eventually the benefits will emerge out of this.
A thought that came up reading about the sheer amount of reports incoming reports was... maybe they should use LLMs to sort out the duplicates 😆
The problem is keeping from using this to clog up maintainer mailboxes.
Linus's solution to that is to immediately publish AI reports.
My solution is to immediately publish all duplicate reports, because they all suffer from the same fundamental issue.
Also appealing to AI developers to create variation in hunting tactics, but I'm not enough of an AI-developer to know the achievability of such a request.
Quoting: KapelliniMight want to read the rest too:the continued flood of AI reports has basically made the security list almost entirely unmanageableAI tools are great... Feel free to use them...🤔
If you actually want to add value, read the documentation, create a patch too, and add some real value on *top* of what the AI did. Don't be the drive-by "send a random report with no real understanding" kind of person. Ok?What he's asking for would restore sanity to the security list, which would take care of the contradiction you're pointing out. Although I'm pretty sure most of these people will just prompt their AI/LLM to produce a patch and send that to the list, without understanding the problem or the code. Maybe it'll at least reduce the amount of reports to a reasonable level.
Patreon
PayPal
How to setup OpenMW for modern Morrowind on Linux / SteamOS and Steam Deck
How to install Hollow Knight: Silksong mods on Linux, SteamOS and Steam Deck