Is Open Source software more fragile, at the age of AI?
AI is everywhere, and that includes security. Recent security holes in digital infrastructure—particularly in Linux—have been revealed, and were widely reported as “identified by AI.” Thus, concerns were raised as well: some people argue that open source, by making source code accessible to everyone, removes barriers for an attacker to use AI to massively scan for security vulnerabilities and exploit them, and is no longer safe.
This perspective encouraged a call for re-evaluating the security benefits of open source, and could lead to more hesitation when an entity is considering whether to share source code with the world. Thus, it is important to address these concerns with fact-based reviews and to clarify misconceptions that have been spread widely across the mass population.
First and foremost, as misrepresented by much of the media coverage, AI has not found either of the two severe vulnerabilities (namely CopyFail and DirtyFrag ).
For CopyFail, its introduction page FAQ section stated this:
Was this AI-Found? AI-assisted. The starting insight—that splice() hands page-cache pages into the crypto subsystem and that scatterlist page provenance might be an under-explored bug class—came from human research by Taeyang Lee at Xint. From there, Xint Code scaled the audit across the entire crypto/ subsystem in roughly an hour. Copy Fail was the highest-severity finding in the run.
It is not hard to see that what truly matters—the starting point—is provided by a human researcher. At its most, AI has done the verification and further testing part. It is true that AI did help, but not in ways that many people have anticipated.
For DirtyFrag, its GitHub page clearly mentioned the “Dirty Frag vulnerability class,” first discovered and reported by Hyunwoo Kim (@v4bel). The discovery of this vulnerability class is declared to be motivated by CopyFail’s discovery, and it is also implied by the description mentioned above as originating from 100% pure human efforts. Of course, one can argue that researchers are dishonest about their methods, but that would be a serious accusation of academic integrity, and it should never be raised without a clear chain of evidence. We must show gratitude to good actors who help preserve cybersecurity, instead of blindly awarding AIs for their “findings.”
Second, it is also worth mentioning that open source is not about letting source code be available.
Apart from open source, software products can be shipped to users with their source code attached or source code becoming later available. Users of early web and computers may know what I am talking about, but this is a fact ignored by much of today’s user base, which grew up in an era where platforms, rather than software, largely dominate how they live. Source-available software were not uncommon, and one difference between it and open source software is the license. Sources provided by commercial software usually stated “All Rights Reserved,” while open source projects grant some of those rights — the right to modify and share the software as long as specific requirements are met.
So, it should be noticed that open source is not a way of developing some kind of software; it is why you develop software. You write code for your own freedom and for others’ liberties: the liberties to have control over what is executed on their computers, and the equality in opportunities to code and have fun with computers. Open source is not a tool—it is a value itself.
By accepting that value, there come risks. There will be no secrets in code. There might be low-quality or even malicious projects and submissions and modifications. But these risks have been present since day one of the entire open source thing, and even today, those risks have not grown larger than those of commercial, closed-source software. In closed-source software, even if there are dozens of holes—or backdoors—waiting to be exploited, one may never know. Not to mention that the value of openness itself.
Has open source become more fragile? Of course, yes. AI has done great damage to open source, not by finding its hidden vulnerabilities, but by submitting false positives. Many projects—some of which provide a bounty for those who submit valid vulnerabilities—are getting flooded in their inboxes with so-called disclosures and fixes. However, most of these are simply hallucinated false positives by AI. There are no security holes, but AI thinks there are. For security, this is not desirable. True information can be obfuscated, and worse still, frustrated and exhausted maintainers are forced to take extreme measures—closing bounty programs, blocking security disclosure channels. Example given as cURL, which stopped their bounty program Jan, 2026. Eventually, this can lead to valuable findings being ignored, which can largely benefit bad actors.
AI is a tool, and unfortunately the most powerful ones are not yet open source and are not expected to be open sourced in the near future. This has made AI inherently unfriendly to an initiative focused on openness and freedom of use. But as always, a foe could be turned into a friend. While AI may not end the security industry, it will largely shift it, and we should do our best to ensure the shift is for the better. This may include
Stand with open source. When something is becoming fragile, the last thing we want to do is screaming at it.