Microsoft Boss Startled as AI Uncovers 40-Year-Old "Flaw" in His Software
A new era in the hunt for cybersecurity vulnerabilities has arrived, with artificial intelligence machines now taking full control.
A recent informal experiment by a Microsoft executive has successfully demonstrated the alarming capability of AI in uncovering weaknesses in legacy programmes that are decades old.
Mark Russinovich, Chief Technology Officer (CTO) of Microsoft Azure, tested the latest AI model created by Anthropic, Claude Opus 4.6.
The code being tested was no ordinary programme, but “Enhancer”. This was a small programme written by Russinovich himself in May 1986.
Written in 6502 assembly language, the programme originally functioned to modify Applesoft BASIC so it could use variables in GOTO, GOSUB, and RESTORE commands.
The results of the experiment were utterly astonishing. Claude Opus 4.6 proved capable of far more than simply reading the ancient code.
The AI successfully decompiled the 6502 machine code back into an easily readable format, complete with additional labels and highly accurate logic comments.
Claude Opus 4.6 also discovered a hidden logic error that had been “dormant” for 40 years.
One of its critical findings was a “silent incorrect behaviour” bug.
Claude detected that if the programme failed to find the target line being searched for, the system would not display an error warning. Instead, the programme would simply allow execution to jump to the next line or even reach the end of the programme.
The AI also provided a highly relevant solution aligned with 6502 programming patterns.
Claude suggested that Russinovich add a line of code that checks the carry flag, which is set automatically if a line is not found, and then directs execution to an error handler.
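The failure mode and the suggested fix can be modelled in a few lines. The following is an added illustration in Python, not Enhancer's 6502 code or Claude's output; every name in it is hypothetical, the sample program is constructed, and it assumes the line search stops at the first line numbered at or above the target, with carry set on a miss as the article describes.

```python
# Added illustration: a Python model of the control flow the article describes.
# All names are hypothetical; this is not Enhancer's 6502 code.

class LineNotFound(Exception):
    """Stands in for the error handler the suggested fix branches to."""

# Constructed sample program: (line number, statement), sorted ascending.
PROGRAM = [(10, "PRINT 1"), (20, "PRINT 2"), (30, "PRINT 3")]

def find_line(program, target):
    """Scan for `target` and return (index, carry).

    Assumption: the scan stops at the first line whose number is >= target.
    Following the article, carry is True when the line was not found, and
    the index is left wherever the scan stopped.
    """
    for index, (number, _) in enumerate(program):
        if number >= target:
            return index, number != target
    return len(program), True  # scanned past the end of the program

def goto_unchecked(program, target):
    """Behaviour described for the 1986 code: the carry result is ignored."""
    index, _carry = find_line(program, target)
    return index  # may point at the wrong line, or past the end

def goto_checked(program, target):
    """Suggested fix: test carry after the search and divert to an error."""
    index, carry = find_line(program, target)
    if carry:
        raise LineNotFound(f"line {target} does not exist")
    return index

def resume_point(program, index):
    """Report where execution would continue for a given index."""
    return program[index][0] if index < len(program) else "end of program"

if __name__ == "__main__":
    for target in (20, 25, 99):
        where = resume_point(PROGRAM, goto_unchecked(PROGRAM, target))
        print(f"unchecked GOTO {target} resumes at: {where}")
```

With the unchecked version, a jump to the missing line 25 silently resumes at line 30 and a jump to line 99 runs off the end; the checked version raises an error in both cases.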
“We are entering an era of vulnerability discovery that is being accelerated by AI and operating automatically. This capability will be exploited by both defenders and attackers,” explained Russinovich.