Open Source Died Yesterday. AI Killed It. What Replaces It Is Worse.

The article discusses the impact of AI on the open-source software ecosystem, with the recent decision by Cal.com to close their source code as an example. It argues that closing the code is not the right solution to the problem posed by AI-powered reverse-engineering and vulnerability discovery.

Details

The article discusses the recent decision by Cal.com, a large Next.js open-source project, to close their source code, citing the threat posed by AI-powered reverse-engineering and vulnerability discovery. The article then delves into the capabilities of Anthropic's Mythos AI model, which has been able to identify and exploit several long-standing vulnerabilities in open-source software, including a 27-year-old bug in OpenBSD and a 16-year-old bug in FFmpeg's H.264 decoder. The article argues that the solution of closing source code goes against the 143-year-old principle of Kerckhoffs, which states that a security system should not rely on secrecy. The article also draws parallels to the panic around automated fuzzing tools in the late 90s and early 2000s, and argues that the industry adapted to those tools rather than closing source code. The article concludes that the solution is not to close the code, but to adapt to the new challenges posed by AI-powered tools.