Skip to main content

mastodon - Link to source
Why Powerful But Hard To Detect #Backdoors Could Become A Routine Problem For #OpenSource Projects Because Of #AI - techdirt.com/2025/09/04/why-po… really interesting issues here, which is why I wrote it...

Why Powerful But Hard To Detect Backdoors Could Become A Routine Problem For Open Source Projects Because Of AI

Last year, Andres Freund, a Microsoft engineer, spotted a backdoor in xz Utils, an open source data compression utility that is found on nearly all versions of GNU/Linux and Unix-like operating sys…
Techdirt
#opensource #AI #backdoors
in reply to Glyn Moody

Andreas K
mastodon - Link to source
Andreas K
Partial agreed here. #LLM based agents help significantly to lower the "cost of entry" for contributing to some random open-source project. It does from personal experience not generate magically changes that work, but they help, or what is the buzz word, they help with the velocity. OTOH, if you use TDD development, and some tests fail for obscure reasons, and you can run the agent in a sandbox, frontier models will often puzzle out obscure issues and edge cases on their own.
#LLM
in reply to Andreas K

Glyn Moody
mastodon - Link to source
Glyn Moody
@yacc143 the thing is, this is just the beginning; however limited they are now, they will continue to improve, hence the risk...
@Andreas K
in reply to Glyn Moody

Andreas K
mastodon - Link to source
Andreas K
Yes and no, currently they only save a bit of work, they change work, used correctly they almost certainly improve quality (because if you do not want go crazy with these things, the first thing you do, you go holier than the pope with coding standards, TDD, documentation, and best practices to the correct formatting to the footnotes.
In that way it's incredible fast coding, I've never written so perfectionist code so quickly. 90+% test coverage, A dozen code health tools in the
in reply to Glyn Moody

Craig
mastodon - Link to source
Craig

Impermeable systems tend to be very expensive.

For the average punter its a choice of granting access to multi national corps or betting on the trust of good people. Both have risk.