Claude Fable 5 Wrote Windows Kernel Code in Rust in 38 Minutes
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Anthropic\u2019s Claude Fable 5<\/a> generated a complete, bootable NT-compatible Windows kernel written in Rust called ntoskrnl-rs<\/em> from an empty directory in just 38 minutes of active model work, raising profound questions about AI-authored trust and the future of critical infrastructure security.<\/p>\n Documented by security researcher Matt Suiche and Tolmo\u2019s threat research on June 22, 2026, the project set out to rewrite Fable 5 handled the core scaffolding in a single contiguous session, producing approximately 5,100 lines of code across 27 files spanning the scheduler, memory manager, trap and interrupt machinery, object manager, and I\/O manager.<\/p>\n The kernel successfully booted in the QEMU emulator and passed all 14 in-kernel self-tests, exiting with the project\u2019s standing pass contract: exit code 33.<\/p>\n The wall-clock time across the full session was roughly four and a half hours, but most of that was the human operator away from the keyboard; the actual model-active work took 38 minutes.<\/p>\n What distinguishes this from simple code generation is Fable 5\u2019s demonstrated capacity for unsupervised systems reasoning. The model caught two critical low-level bugs mid-generation without human intervention:<\/p>\n The model also left architectural commentary embedded in the code explaining why<\/em> the NT GDT selector ordering matches the Fable 5 authored roughly 40% of the project\u2019s from-scratch code in only 3% of the total turns. The remaining 97% of turns eight days of iterative, debug-heavy bring-up ran on Claude Opus 4.8, which expanded the kernel to load unmodified Windows kernel drivers and run real Windows binaries including The model split was deliberate. Fable 5 carries aggressive cybersecurity safety classifiers broad enough to trip on adjacent defensive work. Notably, Fable shipped on June 10, 2026, as the public version of Anthropic\u2019s Mythos<\/a> cybersecurity model, and within days, a US government export-control directive forced Anthropic to suspend access entirely.<\/p>\n The kernel boots. It is not yet trusted. Fable 5 itself named the gap unprompted, flagging the dispatcher lock hand-off, spinlocks, and DPC queue as the highest-risk paths, and recommending This is the critical security implication: authoring capability has outpaced verification. A model can produce the Trusted Computing Base of an x86_64 kernel faster than any human team can audit it.<\/p>\n Until tooling like formal verification, property testing, and concurrency model checkers can close that gap, an AI-authored kernel remains a booting artifact of unknown correctness and unknown correctness has no place in a TCB.<\/p>\n The internet\u2019s critical infrastructure runs on aging C codebases maintained largely because rewriting a TCB has historically been too costly and too risky. An AI-authored Rust kernel represents a double lever: Rust eliminates the memory-safety bug classes that dominate OS CVEs, while an AI model eliminates the human-cost bottleneck of the rewrite itself.<\/p>\n Once verification tooling matures, the economic case for leaving legacy C in place collapses and large portions of the stack become candidates for AI-driven, memory-safe rewrites.<\/p>\n Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates.<\/strong><\/p>\n The post Claude Fable 5 Wrote Windows Kernel Code in Rust in 38 Minutes<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nntoskrnl<\/code>The Windows NT kernel, in Rust.<\/p>\nClaude Fable 5 Wrote Windows Kernel Code<\/strong><\/h2>\n
\n
thread_local<\/code> variable mirroring real per-CPU behavior, and passed 12\/12.<\/li>\n<\/ul>\nIA32_STAR<\/code> MSR format demonstrating forward-looking ABI reasoning, not pattern matching, reads Tolmo\u2019s report<\/a>.<\/p>\nsort.exe<\/code>, choice.exe<\/code>, and cmd.exe<\/code>.<\/p>\nloom<\/code> for exhaustive concurrency exploration and Miri<\/code> for undefined behavior detection.<\/p>\n