Anthropic’s AI-Generated Rust Port of Bun Raises Safety Questions Amidst 10,000 Unsafe Blocks

Bun, the JavaScript runtime acquired by Anthropic in December, has completed a significant architectural shift by replacing its core Zig implementation with a Rust codebase. The transition, marked by the merger of PR #30412 into the main branch on May 14, involved over one million lines of code and 6,755 commits. According to Bun creator Jarred Sumner, the rewrite was generated almost entirely by Claude Code agents over a nine-day period, with Sumner noting that the team had not manually typed code for many months prior to the merge.

The new Rust implementation demonstrates neutral-to-faster performance benchmarks and a reduction in binary size, shrinking by several megabytes on Linux x64 systems from a starting point of approximately 93MB. Crucially, the rewrite passed 99.8 per cent of Bun’s existing test suite. However, this high pass rate reflects behavioural equivalence at the public interface rather than internal code safety or soundness. The benchmarks and test results indicate that the new runtime functions identically to its predecessor, but they do not validate the underlying memory management practices.

The primary justification for migrating to Rust was to address the memory bugs that plagued the Zig codebase, such as use-after-free and double-free errors, by leveraging the language’s compiler-assisted memory safety features. Yet, the resulting codebase contains more than 10,000 unsafe blocks across over 700 files. For context, uv, a Rust project of comparable size, contains only 73 unsafe blocks. This disparity is a direct consequence of the porting strategy, which instructed agents to translate the Zig code faithfully, preserving the same architecture and data structures file by file.

Critics argue that this faithful translation has preserved manual memory management patterns within Rust, necessitating extensive use of unsafe blocks where the borrow checker would otherwise reject the code. The high volume of unsafe code undermines the language’s safety guarantees, as verifying the soundness of such code remains an open research problem. Amazon has convened a community effort specifically to verify the unsafe code in the Rust standard library, underscoring the difficulty of auditing such systems even when human-authored.

The event highlights a significant disparity between the speed of AI code generation and the capacity for human or automated verification. Sumner initiated a follow-up pull request to delete the remaining 600,000 lines of Zig code, titling it "ai slop," which initially triggered GitHub’s automated anti-slop detection before being clarified as a self-inflicted action. The situation illustrates that while generation scales rapidly, verification does not, leaving a large pile of unsafe code as load-bearing infrastructure in a tool shipped to millions of users.