Wiz’s AI-Powered Strike: How Claude Cracked GitHub’s Git Fortress for a Fat Bounty

Wiz researchers used Claude Code and IDA MCP to uncover CVE-2026-3854, a critical RCE in GitHub's git infrastructure, earning a top bounty. AI slashed discovery time to 48 hours; GitHub patched in under six.
Wiz’s AI-Powered Strike: How Claude Cracked GitHub’s Git Fortress for a Fat Bounty
Written by Dave Ritchie

Security firm Wiz just pulled off something rare in bug hunting. Researchers there handed GitHub a report on a critical remote code execution flaw—CVE-2026-3854, scored 8.8—that could let any authenticated user run arbitrary code on backend servers with one git push command. Full read/write access to private repositories. Millions at risk. And they did it with AI help that slashed months of grunt work to 48 hours. The Register called it a ‘genuinely helpful AI-assisted bug report that isn’t total slop.’ No hype. Just results.

The vulnerability hid in GitHub’s internal git infrastructure, specifically how server-side git push operations get handled. Attackers could exploit a cross-component trust boundary in the closed-source X-Stat protocol. Wiz reverse-engineered GitHub’s compiled binaries without source access. That’s where AI stepped in hard. They leaned on Claude Code, Anthropic’s agentic coding tool, for the heavy lifting. Paired it with IDA MCP for automated reverse engineering. ‘By leveraging AI-augmented tooling, particularly automated reverse engineering using IDA MCP, we were able to do what was previously too costly,’ Wiz explained in their disclosure. Idea to working exploit. Under two days. The Register.

GitHub moved fast. CISO Alexis Wales said the team reproduced the issue in 40 minutes. Fix deployed in an hour after root cause ID. Total: under six hours from report to patch across GitHub.com and Enterprise Server. Forensics showed no exploitation. One of the program’s top bounties followed. Wiz researcher Sagi Tzadik called it one of the first critical bugs found in closed-source binaries via AI. ‘Remarkably easy to exploit’ despite the system’s complexity, he noted. BSCNews on X.

This isn’t AI slop. Past bug reports from LLMs flooded maintainers with garbage—Linux kernel czar Greg Kroah-Hartman griped about it earlier this year, though he noted improvement. The Register. Wiz’s output impressed. GitHub validated it swiftly. Paid up big. Claude Code orchestrated the reverse engineering, sifting binaries, reconstructing protocols, spotting the flaw. IDA MCP, likely an AI-enhanced plugin for Hex-Rays’ IDA Pro disassembler, automated the tedious bits. No more manual hex staring for weeks.

Think about the shift. Bug bounties once demanded elite manual skills. Months poring over disassembly. Now AI agents like Claude Code handle the grind. Wiz went from hunch to proof-of-concept exploit in record time. Cost barrier smashed. More researchers can chase high-value targets. GitHub Enterprise Server users got hit too—88% of instances still vulnerable weeks post-patch, per Hacker News chatter. Hacker News. Patch to 3.19.3 or later, GitHub urged.

But risks linger. 88% unpatched on-prem setups scream complacency. And AI in security cuts both ways. The same tools cracking GitHub could empower attackers. Wiz responsibly disclosed. Others might not. Claude Code’s rise fits broader agentic coding trends—tools like Cursor, Copilot agents now autonomous in workflows. Yet incidents pile up: Cursor-Opus nuked a startup’s production DB last week. The Register. Agents need guardrails.

GitHub’s response sets a benchmark. Rapid repro. Quick fix. Fat payout. Signals trust in AI-assisted reports. No dismissal as ‘slop.’ Bounty programs may see a flood of quality submissions. Lowers entry for smaller teams. Wiz cashed in—exact amount undisclosed, but top-tier. Their research blog details the tech: CVE-2026-3854 stemmed from improper validation in git push handling. Single command grants RCE. Patched March 10 in GHES 3.19.3.

Industry insiders watch closely. AI isn’t replacing pentesters. It’s amplifying them. Wiz proved agents excel at scale—plowing through months of analysis in days. But humans still craft the hypotheses, validate exploits. Expect more such wins. And more pressure on vendors to patch faster. GitHub did. Others must follow. This bug report? Not slop. Breakthrough.

Subscribe for Updates

GenAIPro Newsletter

News, updates and trends in generative AI for the Tech and AI leaders and architects.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us