Why Powerful But Hard To Detect Backdoors Could Become A Routine Problem For Open Source Projects Because Of AI (www.techdirt.com)

submitted 1 week ago by schnurrito@discuss.tchncs.de to c/foss@beehaw.org

8 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Naich@lemmings.world 15 points 1 week ago

Not just a problem for open source, surely? The answer is to use AI to scan contributions for suspicious patterns, no?

[-] WalnutLum@lemmy.ml 7 points 6 days ago

And then when those AI also have issues do we use the AI to check the AI for the AI?

[-] prex@aussie.zone 3 points 6 days ago

Its turtles all the way down.

[-] byzxor@beehaw.org 5 points 6 days ago

there's already a whole swathe of static analysis tools that are used for these purposes (e.g. Sonarqube, GH code scanning). of course their viability and costs affect who can and does utilise them. whether or not they utilise LLMs I do not know (but I'm guessing probably yes).

this post was submitted on 05 Sep 2025

49 points (98.0% liked)

Free and Open Source Software

20148 readers

49 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago

MODERATORS

Gaywallet@beehaw.org

alyaza@beehaw.org