copyfail, cPanel and everybody is hacking everything

Earlier this week a security researcher using AI discovered CVE-2026-31431, a.k.a. “Copy Fail”, a 732-byte Python script that cracks root for any local user on pretty well every Linux distro since 2017.

I put out a short 2-minute video on what it looks like, along with a two-line hot fix to put the fire out until you can properly patch your Linux kernel.

 

Props to the easyDNS ops team who patched the entire fleet (close to 500 servers) in under 8 hours.

While they were in there, they also upgraded the cPanel servers, which was fortuitous because no sooner had copyfail hit than a cPanel exploit dropped that (combined with copyfail, remember copyfail?) would give anybody remote admin access across all versions of cPanel and WHM.

There were also so many supply chain hacks this week we ran out of gas enumerating them (PyPI, Vercel, Bitwarden CLI, the list goes on).

The TL;DR here is that AI has given everybody the ability to hack everything.

What’s to be done?

If you’re a developer or have code deployed, you need to be using tools defensively. One of my favourite tools is Shannon by KeygraphHQ. It’s a pen-testing tool that looks at your source code from the inside (you can only run it against sites whose git repo you have access to, or a private GitLab) and then comes at your site from the outside, using AI and the knowledge of your source to find all the attack vectors.
