Linus Torvalds has dismissed the idea that the Linux kernel will adopt a generally anti-AI stance. His statement does not authorize models to write or approve code without oversight, but it does establish that tools like Sashiko can participate in patch review when they demonstrate utility. While Linux is publicly debating its limits, Microsoft, Apple, and Google are already integrating agents and models into their operating systems and development environments.
The essentials of AI in operating systems in 30 seconds
- Torvalds considers it proven that AI can find real errors and rejects banning it on ideological grounds.
- Sashiko reviews Linux patches through eleven stages, though it can generate false positives.
- Microsoft attributes the discovery of 16 Windows vulnerabilities to a system with over 100 agents.
- Apple integrates agents from Anthropic, Google, and OpenAI into Xcode 27.
- Android is preparing applications that can expose functions directly to Gemini and other agents.
The discussion started on the public kernel mailing lists when considering how to handle Sashiko reports—an agent-based tool that analyzes changes before they reach Linux. Some developers wanted each warning to be manually reviewed before being sent to the patch author. Others argued that this requirement would shift the effort back onto maintainers and undermine much of automation’s usefulness.
Torvalds stepped in to set the project’s overall stance. No one will be forced to use AI, but an outright opposition cannot prevent others from using it. Those who disagree can create forks or stop participating, as is common in open-source software.
Linux wants AI to review code, not to replace maintainers
Sashiko is not a Google tool nor an officially integrated part of the kernel acceptance process. It is a specialized project that supports multiple providers, including Gemini, Claude, GitHub Copilot, OpenAI-compatible services, Amazon Bedrock, and Vertex AI.
The tool divides review into eleven phases: understanding the purpose of the change, checking implementation against description, analyzing execution paths, memory, synchronization, security, and hardware behavior. The final stages group similar warnings, weigh pros and cons of findings, and prepare a response following Linux’s usual checklist format.
| Sashiko Capabilities | Objective |
|---|---|
| Conceptual analysis | Detect architecture or interface errors |
| Execution tracking | Review returns, conditions, and error paths |
| Memory and resources | Identify leaks, double frees, and use-after-free issues |
| Concurrency | Search for deadlocks, races, and RCU failures |
| Security auditing | Identify overflows and out-of-bounds accesses |
| Driver review | Check DMA, registers, and memory barriers |
| Discussion and verification | Reduce duplicates and false positives |
Developers claim Sashiko detected 53.6% of errors in a retrospective sample of 1,000 changes that had passed human review and later required corrections. The test used Gemini 3.1 Pro. They estimate false positives at below 20%, though they acknowledge that this figure derives from limited manual review.
Therefore, Sashiko cannot yet be considered an autonomous and reliable reviewer in all cases. Its value lies in providing a second layer capable of traversing code and relationships that a person might overlook, not in making final decisions.
The Software Freedom Conservancy, whose guidelines partly sparked this debate, does not call for banning AI altogether. Its recommendations support those choosing not to use it, require contributions generated by AI to be understood and reviewed by their authors, and propose reporting the used model. The most contentious point is that automated, unsupervised contributions should only be submitted to spaces that explicitly accept them.
Torvalds agrees that AI should not flood review lists with irrelevant notices but rejects that caution becoming a blanket barrier. His view is technical: if it finds faults and reduces workload, it will be used; if it generates noise, maintainers will ignore it.
Windows already uses over 100 agents to find vulnerabilities
Microsoft has advanced further with internal AI use on its OS codebase. In May 2026, it announced that MDASH, its agent-based security platform, had helped locate 16 vulnerabilities in Windows network and authentication components. Four were classified as critical, allowing remote code execution.
MDASH does not depend on a single model. It coordinates over 100 specialized agents that inspect code, discuss findings’ validity, remove duplicates, and attempt to produce evidence confirming that a flaw can be exploited.
The system was used on components like tcpip.sys, ikeext.dll, http.sys, Netlogon, and DNS resolution libraries. Microsoft incorporated the discovered flaws into its security process and published CVE identifiers within Windows updates.
| System | AI Usage | Outcome or Status |
|---|---|---|
| Linux | External patch review with Sashiko | Open debate; no automatic acceptance |
| Windows | Internal vulnerability hunting with MDASH | 16 flaws found, four critical |
| macOS, iOS, and others | Agents in Xcode | Available to developers in Xcode 27 |
| Android | Local models and agents capable of operating apps | AppFunctions and Gemini Nano 4 in development or phased rollout |
Microsoft claims MDASH found the 21 intentionally injected errors in a private test controller without generating false positives during that run. In retrospective tests, it identified 96% of 28 known vulnerabilities in clfs.sys and 100% of seven cases in tcpip.sys. These are internal results over limited sets and do not guarantee similar performance on future components.
The key difference with Sashiko is the environment. Microsoft works with proprietary code, with security teams validating warnings before they reach the monthly update cycle. Linux, on the other hand, receives distributed contributions via public mailing lists and must prevent automatic systems from consuming developer time, often volunteered.
Windows also incorporates AI as a system capability. The Copilot+ teams include components, models, and runtime layers that operate locally via neural processing units. Microsoft sets a 40 TOPS threshold for such devices and offers Phi Silica as a local model for generating, summarizing, and rewriting text.
Linux does not currently introduce an equivalent user-facing layer. Torvalds’ involvement refers to the review process for the kernel, not an embedded assistant within the desktop.
Apple and Android integrate agents into development and apps
Apple has taken a different route. Xcode 27 incorporates agents from Anthropic, Google, and OpenAI directly into the development environment used for creating apps for macOS, iOS, iPadOS, watchOS, and visionOS.
These agents can generate plans, modify code, write and run tests, work in isolated environments, check visual changes, and manage simulators. They can also connect to external tools via the Model Context Protocol and other agents supporting the Agent Client Protocol.
Apple has not announced that these systems are autonomously modifying the macOS kernel. The announcement targets app developers. Nonetheless, it indicates the company already accepts agents capable of operating over extended periods and validating some of their own outputs within its official tools.
AI has also been integrated into Apple’s user systems. Apple Intelligence combines local execution with Private Cloud Compute, present in iOS, iPadOS, and macOS apps. The upcoming versions with iOS 27 and macOS 27 will extend this integration with new foundational models and Siri AI.
Google is transforming Android into a platform where agents not only respond to questions but can execute tasks within apps. The experimental AppFunctions API allows apps to expose functions, services, and data via a variant of the Model Context Protocol integrated into the device. Gemini can leverage these capabilities to navigate apps on behalf of the user.
Android also has AICore, a system service running Gemini Nano locally and keeping the model updated. Google plans Gemini Nano 4 devices arriving in 2026 and offers APIs to summarize, rewrite, describe images, or produce structured outputs without necessarily sending data to the cloud.
The main difference among the four platforms is not in accepting or rejecting AI but in how they layer it:
- Windows already uses it to find vulnerabilities within proprietary code and as a local component of the OS.
- Apple embeds it in Xcode and various platform features.
- Android develops a system where apps can offer actions directly to agents.
- Linux begins by publicly reviewing kernel changes to foster transparency.
Linux’s open model makes the debate more visible. Torvalds’ emails, developers’ objections, and Sashiko’s metrics can all be examined publicly. Proprietary systems reveal only the products and results their companies choose to disclose, not the internal details of how they employ AI for internal development.
Torvalds’ stance doesn’t resolve concerns about licenses, privacy, costs, or quality. But it confirms that the kernel won’t try to isolate itself from a technology already used by its main competitors to program, find vulnerabilities, and transform OS interactions.
Frequently Asked Questions
Will Linux allow AI to automatically approve patches?
Nothing like that has been announced. Authors and maintainers will still be responsible for reviewing, accepting, or rejecting each change.
Does Microsoft already use AI to fix Windows?
Microsoft confirmed that MDASH helped discover 16 vulnerabilities incorporated into its update process. The system can also generate and validate fix proposals, but final decisions remain with its security teams.
Does Apple use agents to develop macOS and iOS?
Xcode 27 incorporates agents from Anthropic, Google, and OpenAI to create and verify applications. Apple has not stated that these agents autonomously maintain the core of its operating systems.
What is the difference between Sashiko and Gemini in Android?
Sashiko analyzes Linux kernel patches. Gemini in Android targets user-facing functions and agents that can interact with applications through system APIs.
Source: Linus Torvalds closes the debate: Linux will not be an anti-AI project

