Forty years is a long time to wait for a code review. Mark Russinovich, Microsoft's Azure CTO, shared a utility he wrote in May 1986 called "Enhancer" - a program written in 6502 machine language (the assembly code that ran on Apple II computers) that let users plug variables and BASIC expressions into GOTO and GOSUB commands, something stock Applesoft BASIC could not do.
Russinovich fed the code to Claude Opus 4.6, Anthropic's most capable model released in early February 2026. Claude first decompiled the machine language into readable form, then performed a security analysis. It flagged a real vulnerability: a "silent incorrect behavior" flaw where, if a destination line was not found, the program would quietly set the pointer to the following line or past the program's end instead of throwing an error. The proper fix, Claude noted, would involve checking the carry flag (a hardware-level indicator set when a line is not located) and branching to error handling.
That is a legitimate bug. Not a hallucination, not a false positive - an actual behavioral flaw in 40-year-old assembly code that a human reviewer would need deep knowledge of 6502 architecture to catch.
Russinovich's takeaway, shared on LinkedIn: "We are entering an era of automated, AI-accelerated vulnerability discovery that will be leveraged by both defenders and attackers."
The practical angle here goes beyond nostalgia. Billions of embedded microcontrollers worldwide run firmware that has never been properly audited - think industrial controllers, medical devices, and infrastructure systems running code written decades ago in languages few people still read fluently. An AI model that can decompile machine language and spot logic errors in 6502 assembly could, in theory, audit legacy embedded systems that have been too expensive or too obscure for human review.