Hobbyist Daniel Diniz used Claude Code to systematically find 575+ bugs across nearly a million lines of code in 44 Python C-extensions (10-15% false positive rate, 140 reproduced). His responsible disclosure approach, with fixes already merged in 14 projects, demonstrates how to scale LLM-powered bug-finding while protecting maintainer capacity. The effort aims to make automated discovery of non-trivial memory safety and correctness issues more scalable for open-source projects.
Using LLMs to find Python C-extension bugs
Claude Code systematically discovered 575+ bugs in Python C-extensions with only 10-15% false positives, demonstrating practical scalability for LLM-powered vulnerability hunting in open source.
Wednesday, April 22, 2026 12:00 PM UTC | 2 min read | Source: Lobsters | By sys://pipeline