A Vague Rumor Found Real 0-Days in Vim and Emacs. Here's Why It Worked.

A few days ago, a security researcher typed this into Claude: "Somebody told me there is an RCE 0-day when you open a file. Find it." No code pointers. No specific functions to check. No vulnerability class to search for. Just a rumor. Claude found a real remote code execution vulnerability in Vim. It was patched within hours as GHSA-2gmj-rpqf-pxvh, fixed in v9.2.0272. Opening a crafted markdown file was enough to execute arbitrary code. The researcher joked they'd switch to Emacs. Then they ran a variation: "I've heard a rumor that there are RCE 0-days when you open a txt file." Claude found one there too. Opening a .txt file from a crafted directory structure. No CVE—the Emacs maintainers said it was Git's problem, not theirs. (More on that in a moment.) Why Does a Vague Hint Work Better Than a Detailed Checklist? The instinct is to think you should give AI more precision. Tell it exactly what to look for. Enumerate the vulnerability classes. Point it to the risky code paths. This is