MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
attacks
Search

The hidden vulnerabilities of open source (FastCode)

Tuesday September 2, 2025. 04:06 PM , from LWN.net
The FastCode site has a
lengthy article on how large language models make open-source projects
far more vulnerable to XZ-style attacks.

Open source maintainers, already overwhelmed by legitimate
contributions, have no realistic way to counter this threat. How do
you verify that a helpful contributor with months of solid commits
isn't an LLM generated persona? How do you distinguish between
genuine community feedback and AI created pressure campaigns? The
same tools that make these attacks possible are largely
inaccessible to volunteer maintainers. They lack the resources,
skills, or time to deploy defensive processes and systems.

The detection problem becomes exponentially harder when LLMs can
generate code that passes all existing security reviews,
contribution histories that look perfectly normal, and social
interactions that feel authentically human. Traditional code
analysis tools will struggle against LLM generated backdoors
designed specifically to evade detection. Meanwhile, the human
intuition that spot social engineering attacks becomes useless when
the 'humans' are actually sophisticated language models.
Read more at LWN.net
https://lwn.net/Articles/1036373/

Related News

attacks UAE Lab Releases Open-Source Model to Rival China's DeepSeek SlashdotSep 13
how How open is “open-source” VTubing? OS NewsSep 13
source The hidden threat to AI performance InfoWorldSep 12
fastcode Apple’s Big Bet to Eliminate the iPhone’s Most Targeted Vulnerabilities Wired: Tech.Sep 11
open US Warns Hidden Radios May Be Embedded In Solar-Powered Highway Infrastructure SlashdotSep 11
maintainers Google Keep, discarded: A smart new source for Android location reminders ComputerWorldSep 10
tools What happens when you leave peanut butter in the forest? Caught on hidden camera BoingBoingSep 9
generated In new book, math professor reveals hidden math in Shakespeare, Radiohead, and Pixar BoingBoingSep 9
llm Google Tells Court 'Open Web is Already in Rapid Decline' After Execs Claimed It Was Thriving SlashdotSep 8
hidden Hidden frames reveal next Starfield DLC: Terran Armada details BoingBoingSep 8
when Nova Launcher’s open source release blocked by its owners, despite contractual obligations OS NewsSep 8
human How to Add WIRED as a Preferred Source on Google (2025) Wired: Tech.Sep 7
social Ancient canned peaches open to reveal nightmarish contents inside BoingBoingSep 5
code [$] Rug pulls, forks, and open-source feudalism LWN.netSep 5
becomes Swiss launch open source AI model as “ethical” alternative to big US LLMs InfoWorldSep 5
attacks OK Go releases open-source graphics files from its new video, "Impulse Purchase" BoingBoingSep 4
how Microsoft publishes source code to Microsoft BASIC Version 1.1 OS NewsSep 4
source Microsoft's 6502 BASIC Is Now Open Source SlashdotSep 4
fastcode Bill Gates’ early BASIC code for MOS 6502 released as open source ComputerWorldSep 4
open Microsoft open-sources the 6502 BASIC coded by Bill Gates himself TheRegisterSep 4
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Sep, Wed 24 - 12:44 CEST