{"slug": "rust-will-save-linux-from-ai-says-greg-kroah-hartman", "title": "Rust Will Save Linux from AI, Says Greg Kroah-Hartman", "summary": "Linux kernel maintainer Greg Kroah-Hartman told the Rust Week conference that the Rust programming language will save Linux from a surge of security vulnerabilities discovered by AI-powered bug detection tools. Kroah-Hartman said the kernel team is now issuing approximately 13 CVEs daily due to AI-discovered flaws like Dirty Frag and Copy Fail, and argued that Rust's compile-time safety checks can eliminate the memory and concurrency bugs that plague C code. The stable kernel maintainer emphasized that Rust's locking abstractions and automatic resource management prevent entire classes of errors that have caused critical vulnerabilities in Linux for decades.", "body_md": "# Rust will save Linux from AI, says Greg Kroah-Hartman\n\n*Follow ZDNET: *[Add us as a preferred source](https://cc.zdnet.com/v1/otc/00hQi47eqnEWQ6T9d4QLBUc?element=BODY&element_label=Add+us+as+a+preferred+source&module=LINK&object_type=text-link&object_uuid=10f6ca2a-f685-46df-9afa-6dd1b60e24a1&position=1&template=article&track_code=__COM_CLICK_ID__&url=https%3A%2F%2Fwww.google.com%2Fpreferences%2Fsource%3Fq%3Dzdnet.com&view_instance_uuid=2ab590b6-c9fc-4d34-a219-61eda2c1fb3c&object_version=62cbb7a1-0be6-4a05-9f33-4e21d4cf6a7b#link=%7B%22role%22:%22standard%22,%22href%22:%22https://cc.zdnet.com/v1/otc/00hQi47eqnEWQ6T9d4QLBUc?element=BODY&element_label=Add+us+as+a+preferred+Google+source&module=LINK&object_type=text-link&object_uuid=5e5d2e64-4b30-43e6-8555-26eac7e449f3&position=1&template=article&track_code=__COM_CLICK_ID__&url=https%3A%2F%2Fwww.google.com%2Fpreferences%2Fsource%3Fq%3Dzdnet.com&view_instance_uuid=379e95d2-6b56-476b-a90b-043a8dd63bd3%22,%22target%22:%22_blank%22,%22absolute%22:%22%22,%22linkText%22:%22Add%20us%20as%20a%20preferred%20source%22%7D)* on Google.*\n\n### ZDNET's key takeaways\n\n- Rust will save Linux from C's inherent security weaknesses.\n- Linux, faced with a flood of AI-discovered security problems, could use the help.\n- Going forward, more and more Linux code will be written in Rust.\n\nAt the [Rust Week conference](https://2026.rustweek.org/), the world's biggest [Rust language](https://www.rust-lang.org/en-US) conference, in Utrecht, Netherlands, Linux stable kernel maintainer Greg Kroah-Hartman opened by saying: \"I'm here to talk about untrusted data and Linux, and [how Rust is going to save us](https://www.youtube.com/watch?v=0vhGWclF7LU&t=810s).\" After \"a long month or two on the kernel security list,\" he pushed that point even further: \"I'm going to make even a bolder statement and say, 'You are going to save Linux.' Sorry, it's all on you.\"\n\n## Saving? Linux needs saving?\n\nWhat he was talking about was the sudden [flood of serious Linux security holes being discovered](https://www.theregister.com/security/2026/05/23/ai-eyes-scanning-for-bugs-create-a-worrisome-linux-security-trend/5244742), such as [Dirty Frag](https://www.zdnet.com/article/dirty-frag-new-linux-bug-system-at-risk-no-easy-fix/), [Copy Fail](https://www.zdnet.com/article/critical-copy-fail-vulnerability-affecting-linux-systems-how-to-mitigate/), and [Fragnesia](https://www.zdnet.com/article/third-major-linux-kernel-flaw-in-two-weeks-found-by-ai/), that have come to light thanks to the latest AI bug-detection programs.\n\nAs a result, Kroah-Hartman, who has \"seen every single kernel security bug ever\" since 2005, said the kernel team is now issuing \"13 CVEs [Common Vulnerabilities and Exposures] a day, or something, something crazy.\" He thinks Rust is one of the few realistic ways to slash the class of bugs that come from C's traditional error-handling and resource-management pitfalls.\n\n**Also: ****One of the most user-friendly Linux distros I've ever used is also one of the most secure**\n\nKroah-Hartman illustrated those pitfalls with real C bugs in the kernel, including a 15-year-old Bluetooth bug that dereferenced a pointer without checking it and a Xen bug where \"we forgot to unlock\" in an error path. \"The majority of the bugs in the kernel are this tiny, minor stuff,\" he explained. \"Error conditions aren't checked, locks aren't forgotten, unreleased memories leak, and vulnerabilities add up over time. They crash the kernel. This is what we live with in C. This is why we don't like it.\"\n\nKroah-Hartman argued that the \"best beauty of Rust\" is catching those mistakes at build time rather than in review. For example, when it comes to locking, he highlighted Rust's locking abstractions in the kernel: \"The only way you can get access to inner pointers of structures is by grabbing that lock, and releasing the lock automatically. The compiler does it, it's guarded, the lock happens, everything's happy. You just can't write code to access these values...without grabbing the lock. The compiler will not let you.\"\n\nThose properties, he argued, directly remove a huge fraction of the bugs he sees: \"This is going to save us those two things. First, 60% of the bugs in the kernel right there, they're gone. Thank you.\" The payoff is earlier, more automated enforcement: \"If this happens at build time, not review time, don't make me a maintainer who has to read your code [and] say, 'Oh, then you properly check that error value. Oh, did you properly grab the locks in the right spot?' Rust gives us that for free. This is the best thing ever.\"\n\nEven if Rust vanished tomorrow, Kroah-Hartman argued, it has already forced the kernel to clean up C code and interfaces. He credited Rust's influence outright: \"We stole this from Rust. Thank you. It's a good idea, so if Rust disappeared tomorrow, we have cleaned up the C code in the kernel so much and taken in the ideas. We thank you, you've made Linux better with it just by existing.\"\n\n**Also: ****Linux is getting a security wake-up call - why it was inevitable and I'm not worried**\n\nHe described new C \"guards\" and scoped locks inspired by Rust: \"Now we have that, we have C-scoped locks and allocators, and we've added this new code, which makes it harder for us to get it wrong, but most importantly, it makes the coding simpler.\" With more than 5,000 developers and only around 700 maintainers, he said, review time is the scarcest resource -- so patterns that make correctness obvious are crucial: \"We optimize for making code easy to review... If I can review your code more easily, I can glance at it and say, 'Hey, look, you obviously got it right because you use that pattern. All is good, and fewer bugs.'\"\n\nRust bindings are forcing deeper changes on the C side as well. Recalling an early Rust-for-Linux conference, he said that when he saw \"hundreds of lines of Rust code to deal with two lines of C code,\" he realized, \"I can change the C code. We can change the C code to make the Rust code simpler. We have no problem changing both sides of this barrier. Let's do that.\" He now credits the [Rust-for-Linux team](https://rust-for-linux.com/) with reshaping driver interfaces: \"The rules involved, and how the traits and the interfaces are working for the driver core, and the interaction with the C code in the kernel is going to make drivers simpler to write and harder to write [wrong]... They've done a great, great job.\"\n\nBeyond language features, Kroah-Hartman tied Rust directly to a broader push around untrusted data and the idea that \"all input is evil.\" Borrowing a line from Microsoft security, he told attendees: \"If you never remember anything else in my talk, just remember these four words. It came from Microsoft Security many, many years ago. They realized all input is evil. You have to validate all input.\"\n\nHe described ongoing work on an \"untrusted\" type wrapper and a validate method in Rust that forces explicit validation at the point where data crosses from untrusted to trusted. \"We have something called untrusted to type add it to the data, and every time you want to actually get access to this data, it's just a type, it's not actually code, it's going to hint to the compiler. You must go through validation before you actually access it.\" The key benefit for reviewers, he said, is that \"everything's focused\" on the transition points: \"The one section of the code, you can see all the code that does the validation of the transformation from user space, untrusted data to trusted data in one spot.\"\n\n**Also: ****Microsoft surprises with its first server Linux distribution: Azure Linux 4.0**\n\nThat model extends to increasingly hostile hardware: \"The model and the kernels, we don't even trust hardware. Hardware is full of bugs, but now you can have malicious hardware, and we're seeing more and more malicious hardware.\" His goal is to mark such data as untrusted and track it through the type system, then concentrate review energy: \"This is what's going to really save us, because we don't trust data... that I think I'm going to make this unscientific quote. This is what's going to save Linux, the combination of all the other stuff and the untrusted data. I think it's going to get rid of 80% of all the CVEs we have, and that's a huge, huge number.\"\n\n## Rust isn't magic\n\nNow, that doesn't mean he thinks Rust is magic. It's not. He cited one of the first Rust components merged into the kernel: QR code display logic used when the kernel crashes. \"That logic was written in Rust. Famously, it had a memory bug. It was given a buffer and its size, and the rest of the st code never checked the buffer size... Could scribble all over memory, because Rust can crash just as bad as C.\" So, Rust \"is not a silver bullet.\"\n\nHe's also not encouraging anyone to rewrite the Linux kernel in Rust. One attendee asked, \"Do you actually encourage rewriting stuff that's already there in the kernel with [Rust]?\" Greg replied: \"No, we don't want rewrites, so unless you're the maintainer and owner of that file, just do it for new stuff. Leave existing C code alone, and let's evolve forward after that.\" He gave Binder, [Android's core interprocess communication (IPC)](https://www.spiceworks.com/software/rust-moves-from-experiment-to-a-core-linux-kernel-language/), as an example where both C and Rust implementations coexist temporarily to reach parity, after which \"they're going to delete the C code, because I trust them, and they are the owners and maintainers of both those.\"\n\n**Also: ****You can use Linux 7.0 on these 7 distros today - here's what to expect**\n\nOver time, he expects new hardware support to skew heavily to Rust: \"Rust is going to evolve in the kernel over time. Some subsystems have said, 'Hey, only new drivers for graphics should be written in Rust.'... Over time, we have now hit a critical point where you can write really good drivers for all different types of subsystems in Rust and Linux. I think over the next year or two, you will see this.\" In typical Kroah-Hartman fashion, he summed up the model as evolutionary: \"Linux is evolution, it's not intelligent design. We evolve over time, and over time, new drivers for new hardware come in. You'll start using that new hardware. The old driver just won't get used anymore. Eventually, we'll delete them, as we do after about 20 years.\"\n\nIn the meantime, Kroah-Hartman told the audience: \"Today, 36 million lines of Linux are in C, with 113,000 lines of Rust. Most of all, this is binding.\" Because drivers make up the bulk of the kernel, \"Alice Ryhl, a top Rust Android programmer and the Rust-for-Linux developers, have had to go and write bindings for everything in order to write a tiny driver in Rust.\" That has forced the community to relax its usual rule against unused code: \"We also don't like adding code to the kernel that isn't being used, so it's hard to add a binding...unless you have a user for it. So it's a bit of a chicken-and-egg problem. We've had to bend that rule a little bit.\"\n\nHe also flagged real-world deployments coming soon: \"Android phones will be coming out, hopefully soon, running all the [Rust] code in Binder. So that's again, billions of devices can be running Rust in Linux soon.\"\n\nWhat ultimately sold a number of core maintainers, including him, on Rust was how it \"makes reviewing code easier.\" With [CI [Continuous Integration]](https://practical-tech.com/2018/07/10/continuous-integration-and-delivery-tool-basics/) bots enforcing builds and Rust's type system enforcing key invariants, maintainers can \"focus on the logic\" rather than resource bookkeeping: \"I can care about that one function. I don't have to worry about the rest of this stuff, because I assume that it works properly, because it was built properly.\"\n\n**Also: ****Linus Torvalds on the AI claim that makes him angry, and what security researchers should never do**\n\nInternally, he said, the top maintainers have already made their call on Rust's status: \"The Linux kernel maintainers, we get together every year and talk about what the processes are doing. Last year, we said the [Rust experiment is over. It's not an experiment. This is for real.](https://thenewstack.io/rust-goes-mainstream-in-the-linux-kernel/)\" The rationale: \"The people behind it are real. We trust them. We know what they're doing. They've shown and put in the work to make Rust a viable language in the kernel, and we're going to make this stick. Let's go full speed ahead. And, as always,\" he said wryly, \"world domination proceeds.\"\n\n[Editorial standards](/editorial-guidelines/)", "url": "https://wpnews.pro/news/rust-will-save-linux-from-ai-says-greg-kroah-hartman", "canonical_source": "https://www.zdnet.com/article/rust-will-save-linux-from-ai-says-greg-kroah-hartman/", "published_at": "2026-05-27 17:03:56+00:00", "updated_at": "2026-05-27 17:16:33.369236+00:00", "lang": "en", "topics": ["artificial-intelligence", "ai-safety"], "entities": ["Greg Kroah-Hartman", "Rust", "Linux", "ZDNET", "Rust Week"], "alternates": {"html": "https://wpnews.pro/news/rust-will-save-linux-from-ai-says-greg-kroah-hartman", "markdown": "https://wpnews.pro/news/rust-will-save-linux-from-ai-says-greg-kroah-hartman.md", "text": "https://wpnews.pro/news/rust-will-save-linux-from-ai-says-greg-kroah-hartman.txt", "jsonld": "https://wpnews.pro/news/rust-will-save-linux-from-ai-says-greg-kroah-hartman.jsonld"}}