A new high-security zero-day vulnerability that has lurked in the Linux kernel since 2017 has just been found with the help of AI. This nine-year-old flaw, dubbed ‘Copy Fail’, was discovered by Taeyang Lee, a vulnerability researcher at offensive security firm Theori Lee openly disclosed he used Xint Code, a source code analyzing tool part of Theori’s AI-driven penetration testing platform, Xint.io, to discover the vulnerability. He reported the vulnerability to the Linux kernel security team on March 23, who started working on a patch over the next few days. The Linux kernel security team assigned Copy Fail a unique CVE identifier, CVE-2026-31431, on April 22 and Xint.io publicly disclosed it seven days later. Copy Fail is a logic bug in the Linux kernel's authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled four-byte write into the page cache of any readable file on the system. Exploiting this vulnerability can allow an attacker to gain root access to the Linux kernel of a machine for all Linux distributions shipped since 2017. While it requires no network access, no kernel debugging features and no pre-installed primitives to successfully exploit the vulnerability, the attacker must have physical access to the target machine, with an unprivileged local user account. The vulnerability poses a risk to multi-user shared systems, container clusters (Kubernetes, Docker, etc.), and similar environments. A regular user could potentially access other users' data as a result. The vulnerability has been attributed a high-severity rating (CVSS) of 7.8.