AI models have recently drastically changed the sophistication, speed and scale of software vulnerability discovery. It is now trivial for non-experts to find real vulnerabilities in software with minimal effort and expertise. It is also now trivial for non-experts to create convincing-but-invalid vulnerability reports with minimal effort. This change is already overwhelming OSS maintainers on the...
The narrative presents a compelling case for how AI is reshaping vulnerability discovery, but it also reveals deeper tensions in open-source sustainability. The strongest version of this argument acknowledges that AI democratizes security research—both for good (faster fixes) and ill (noise overwhelming maintainers). The call for collective defense is pragmatic, recognizing that no single entity can handle the scale of the problem. However, the framing risks reinforcing a "sky-is-falling" urgenc...