‘Copy Fail’ is a real Linux security crisis wrapped in AI slop

Attackers are actively exploiting CVE-2026-31431 (dubbed “Copy Fail”), a high-severity Linux kernel local privilege-escalation discovered and disclosed by Theori using AI; the flaw can grant root on many mainstream Linux kernels dating back to 2017. Major distributions issued patches and CISA added the CVE to its known exploited vulnerabilities catalog, but exploitation requires prior local/authenticated access or another foothold; numerous proof-of-concept exploits and AI-generated copycats have since appeared, increasing defender workload.