How fake security reports are swamping open-source projects, thanks to AI


Patch spam contains code that is downright wrong and nonfunctional. Even worse: It can introduce new vulnerabilities or backdoors. What's a developer to do?

With government staff cuts expected at the NVD's parent organization, this flood of bogus AI-generated security reports making it into the CVE lists will only increase. Adding insult to injury, according to OpenSSF, some attackers use AI to create fake online identities, complete with GitHub histories containing thousands of minor but seemingly legitimate contributions. Beyond the time maintainers waste sifting through and debunking fake contributions, this influx of AI-generated spam undermines the trust that forms the bedrock of open-source collaboration.
