Listen to this Post

Introduction:
On June 22, 2026, security researcher Matt Suiche and Tolmo’s threat research team documented something unprecedented: Anthropic’s Claude Fable 5, an AI model released just days earlier, generated a complete, bootable NT-compatible Windows kernel written in Rust from an empty directory in just 38 minutes of active model work. The project, named ntoskrnl-rs, produced approximately 5,100 lines of code across 27 files—spanning the scheduler, memory manager, interrupt handling, object manager, and I/O manager—and successfully booted in the QEMU emulator while passing all 14 built-in self-tests. This milestone raises profound questions about the future of developing and verifying trusted computing bases (TCB), where any flaw can undermine the integrity of an entire system.
Learning Objectives:
- Understand how AI models like Claude Fable 5 can autonomously generate complex operating system kernels and the technical architecture behind ntoskrnl-rs
- Master the verification and security implications of AI-generated low-level code, including tooling like Miri and Loom for detecting undefined behavior and concurrency issues
- Learn practical commands and techniques for building, booting, and debugging Rust-based kernels in QEMU, along with kernel driver development in Rust
You Should Know:
- The Anatomy of ntoskrnl-rs: How an AI Built a Kernel from Scratch
The ntoskrnl-rs project began as an empty repository and evolved into a functioning x86_64 kernel that boots in QEMU. The AI-generated code includes core subsystems that are typically complex and security-critical: memory allocation, thread scheduling, synchronization primitives, and basic I/O operations via a null driver interface. The model structured the kernel closely in alignment with Microsoft’s ntoskrnl architectural design, initializing low-level constructs such as the Global Descriptor Table (GDT) and Interrupt Descriptor Table (IDT), and mapping hardware-level abstractions like Interrupt Request Level (IRQL) to CR8 registers.
Key metrics from the session include 197 assistant turns, 110 tool calls (45 writes, 25 Bash commands, 18 edits), 43 files touched, approximately 407,000 output tokens on 11,000 fresh input tokens, and a time-to-bootable-core of 38 minutes. Notably, Fable 5 authored roughly 40% of the project’s from-scratch code in only 3% of the total turns. The remaining 97% of turns—eight days of iterative, debug-heavy bring-up—ran on Claude Opus 4.8, which expanded the kernel to load unmodified Windows kernel drivers and execute real Windows binaries including sort.exe, choice.exe, and cmd.exe.
To build and boot a Rust kernel in QEMU yourself:
Install QEMU on Linux sudo apt install qemu-system-x86 On macOS brew install qemu Build a Rust kernel with cargo cargo build --target x86_64-unknown-1one Create a bootable disk image with bootimage cargo bootimage Run the kernel in QEMU qemu-system-x86_64 -drive format=raw,file=target/x86_64-unknown-1one/debug/bootimage-kernel.bin
- The AI’s Autonomous Debugging Capability: Self-Correction in Real Time
What distinguishes this from simple code generation is Fable 5’s demonstrated capacity for unsupervised systems reasoning. The model caught and corrected two critical low-level bugs mid-generation without any human intervention:
EOI ordering bug: The model identified that the end-of-interrupt (EOI) signal must be issued before a potential context switch, as preemption mid-dispatch would deadlock the local interrupt controller.
IRQL emulation bug: When host tests returned 11/12, Fable diagnosed that the interrupt request level emulation used a single global atomic shared across test threads. It corrected this to a per-thread thread_local variable mirroring real per-CPU hardware behavior and passed 12/12.
The model also embedded architectural commentary in the code, explaining why the NT GDT selector ordering matches the IA32_STAR MSR format—demonstrating forward-looking ABI reasoning rather than simple pattern matching. These corrections suggest reasoning beyond pattern generation, indicating an understanding of kernel-level concurrency and hardware interactions.
For debugging kernel code, here are essential WinDbg commands:
Start WinDbg kernel debugging (Windows host) windbg -k net:port=50000,key=1.2.3.4 Common WinDbg commands !analyze -v Analyze crash dump !thread Display current thread information !irql Display current IRQL !process 0 0 List all processes bp nt!KiPageFault Set breakpoint on page fault handler g Go/continue execution
- The Memory-Safety Advantage: Why Rust Matters for Kernel Development
The choice of Rust is not incidental. Rust eliminates the memory-safety bug classes—buffer overflows, use-after-free, and other memory-safety errors—that dominate OS CVEs. Historically, these vulnerabilities account for a high percentage of critical vulnerabilities in operating systems and cloud software. Microsoft has been actively promoting the use of Rust to refactor some kernel components to enhance security, though the company has officially clarified that there are currently no plans to use AI to completely rewrite Windows.
The ntoskrnl-rs project demonstrates that AI can now generate memory-safe kernel code at unprecedented speed. However, as Check Point Research demonstrated with a critical vulnerability found in Microsoft’s Rust-based Windows kernel GDI component, even memory-safe languages can have security gaps when integrated into legacy systems.
To set up Rust for Windows kernel driver development:
Install Rust curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh Add the rust-src component rustup component add rust-src Install cargo-make for build automation cargo install cargo-make Create a new kernel driver project cargo new --lib my_kernel_driver cd my_kernel_driver Configure for no_std environment echo '![bash]' > src/lib.rs
4. The Verification Gap: When Authoring Outpaces Auditing
The kernel boots and passes tests—but it is not yet trusted. Fable 5 itself identified this gap unprompted, flagging the dispatcher lock hand-off, spinlocks, and DPC queue as the highest-risk paths. The model recommended using Loom for exhaustive concurrency exploration and Miri for undefined behavior detection.
This is the critical security implication: authoring capability has outpaced verification. A model can produce the Trusted Computing Base of an x86_64 kernel faster than any human team can audit it. Until tooling like formal verification, property testing, and concurrency model checkers can close that gap, an AI-authored kernel remains a booting artifact of unknown correctness—and unknown correctness has no place in a TCB.
Verification tools for Rust code:
Install Miri for undefined behavior detection rustup component add miri Run Miri on your project cargo miri test Install Loom for concurrency testing (add to Cargo.toml) [dev-dependencies] loom = "0.5" Run Loom tests cargo test --release For formal verification with Verus https://github.com/verus-lang/verus
5. Step-by-Step: Building and Testing an AI-Generated Kernel
To understand how ntoskrnl-rs was built and tested:
Step 1: Environment Setup
The experiment began with an empty repository. The AI model was given access to a development environment with QEMU installed, Rust toolchain configured, and basic build scripts available.
Step 2: Core Scaffolding Generation
Fable 5 generated the core scaffolding in a single contiguous session, producing approximately 5,100 lines of code across 27 files. This included the scheduler, memory manager, trap and interrupt machinery, object manager, and I/O manager.
Step 3: Self-Test Execution
The kernel was booted in QEMU and ran 14 in-kernel self-tests, exiting with exit code 33—the project’s standing pass contract.
Step 4: Iterative Debugging
The remaining 97% of turns ran on Claude Opus 4.8 over eight days, expanding the kernel to load unmodified Windows kernel drivers and execute real Windows binaries.
Step 5: Verification Recommendations
The model itself proposed advanced verification techniques, including concurrency testing using Loom and undefined behavior detection with Miri.
Windows kernel debugging setup:
On Windows host with WDK installed Configure kernel debugging via network bcdedit /debug on bcdedit /dbgsettings net hostip:192.168.1.100 port:50000 key:1.2.3.4 Reboot and attach WinDbg windbg -k net:port=50000,key=1.2.3.4
- The Export Control Reality: Fable 5’s Short Public Life
Fable 5 shipped on June 10, 2026, as the public version of Anthropic’s Mythos cybersecurity model. Within days, a US government export-control directive forced Anthropic to suspend access entirely. The model carries aggressive cybersecurity safety classifiers broad enough to flag adjacent defensive work, highlighting the tension between AI capability and regulatory control.
This regulatory response underscores a fundamental challenge: when AI models can generate weapons-grade code (or defensive equivalents), export controls become both necessary and difficult to enforce. The ntoskrnl-rs demonstration may have been precisely the kind of capability that triggered the suspension.
7. Practical Security Implications for Organizations
For CISOs and security teams, the implications are clear:
- Review software assurance processes to ensure AI-generated code receives the same rigorous validation as human-written code
- Expand secure development programs to include formal verification, property testing, and advanced code-review techniques
- Track AI usage within development teams and maintain visibility into where AI-generated components are being introduced into critical systems
Security teams should prioritize behavioral and anomaly-based detection over static signatures, monitor for outbound API calls to commercial AI providers from non-development endpoints, and treat AI API dependencies in vendor-supplied software as an emerging supply chain risk.
AI-generated code security scanning:
Scan AI-generated code for vulnerabilities (example tools) OWASP Dependency-Check dependency-check --scan ./src --format HTML cargo-audit for Rust dependencies cargo install cargo-audit cargo audit Clippy for Rust linting cargo clippy -- -D warnings
What Undercode Say:
- Key Takeaway 1: The ntoskrnl-rs demonstration proves that AI can now generate complex, low-level systems code—including operating system kernels—faster than human teams, but verification capabilities have not kept pace. The AI itself identified this gap and recommended advanced verification tools like Loom and Miri.
-
Key Takeaway 2: Rust’s memory-safety properties make it an ideal language for AI-generated kernel code, potentially accelerating the replacement of legacy C codebases. However, even memory-safe languages have vulnerabilities when integrated with legacy systems, as demonstrated by the recent Rust-based Windows kernel GDI vulnerability.
Analysis:
The ntoskrnl-rs experiment represents a watershed moment in autonomous systems programming. The fact that an AI model can generate a bootable kernel, catch its own bugs, and explain architectural decisions demonstrates a level of reasoning that goes far beyond pattern matching. However, the verification gap is alarming: we now have AI systems that can write code faster than we can audit it. The internet’s critical infrastructure runs on aging C codebases maintained largely because rewriting a TCB has historically been too costly and too risky. An AI-authored Rust kernel represents a double lever—Rust eliminates memory-safety bugs while AI accelerates development—but without formal verification, trust remains elusive. The export control response to Fable 5 suggests that governments recognize this capability’s dual-use nature. Organizations must prepare for a future where AI-generated code becomes ubiquitous in critical systems, and they must invest in verification tooling accordingly.
Prediction:
- +1 The ntoskrnl-rs demonstration will accelerate investment in formal verification tools for Rust, including Verus and similar SMT-based verifiers, making verified AI-generated kernels a reality within 3-5 years.
-
+1 AI-assisted kernel development will enable rapid modernization of legacy critical infrastructure, potentially reducing the attack surface of aging C codebases by replacing them with memory-safe Rust equivalents.
-
-1 Until verification catches up, AI-generated kernels will remain untrusted, creating a dangerous gap where organizations may deploy AI-written code without adequate security review—leading to critical vulnerabilities.
-
-1 The export control response to Fable 5 signals that advanced AI models capable of generating system-level code will face increasing regulatory restrictions, potentially limiting access for legitimate security researchers while failing to stop malicious actors.
-
-1 The verification gap between AI authoring and human auditing will widen as models become more capable, creating a systemic risk where the trustworthiness of AI-generated code cannot be assured at scale.
▶️ Related Video (64% Match):
https://www.youtube.com/watch?v=1UmjkWlqKe0
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Divya Kumari – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


