← Back to stories Modern data center corridor with server racks and computer equipment. Ideal for technology and IT concepts.
Photo by Brett Sayles on Pexels
凤凰科技 2026-03-29

20-Year-Old Linux Vulnerability Exploited in 90 Minutes! Claude 5.0 Spotted in Surprise Internal Beta — Even Anthropic Is Alarmed

The twin shock

It has been reported that a two-decade-old Linux vulnerability was exploited within 90 minutes of public exposure. At roughly the same time, Claude 5.0 — the next-generation model from Anthropic — was reportedly spotted in a surprise internal beta, sparking alarm inside the company. Two separate incidents. One theme: old weaknesses plus rushed deployments create systemic risk.

What this means for operators

A 20-year-old kernel bug being weaponized so quickly exposes how brittle distributed infrastructure can be. Linux underpins clouds, edge devices and critical enterprise stacks worldwide; fast exploitation of long‑standing flaws shows defenders are chasing blind spots. Likewise, an internal model surfacing outside formal release channels raises governance and intellectual‑property questions. Who audited that beta? What controls were in place to prevent data exfiltration or tool misuse? Reportedly, even Anthropic is reviewing internal controls.

Governance, not just patches

The technical problems point to a deeper governance gap. AI teams often lean on monolithic prompts or RAG (retrieval‑augmented generation) to constrain behavior — a “soul.md” file of rules, if you will. But experts argue organizations must move to ontologies and layered governance: a machine‑readable ontology engine, strict tool-call rules (for example, Query_Ontology_Engine(action, payload)), explicit error-handling and auditable override costs. Without that, logic hallucinations and cascading rule conflicts are inevitable. Who is accountable if a model issues a bad financial instruction or a patched kernel is still exploited?

Bigger picture: regulation and geopolitics

These incidents will attract regulatory and security scrutiny. In an era of supply‑chain rules, sanctions and export controls, fragmented disclosures and surprise internal betas complicate compliance across jurisdictions. For companies and policymakers alike the lesson is blunt: patching and model governance must be as disciplined as production releases. Old vulnerabilities remain dangerous, and so do new models released without ironclad controls — together they are a risky mix.

AI
View original source →