
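- AI can read stripped binaries, so closed-source "obscurity" no longer provides substantive security protection.
- Because of its distributed collaboration, the open-source ecosystem outperforms the centralized closed-source model at four stages: detection, verification, coordination, and patch propagation.
- When closed-source systems fail, the impact is wider, because they often concentrate user data, whereas open source mostly runs locally with dispersed data.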
Why?

- Risk comes from capability asymmetry between attackers and defenders. Open source is what every frontier lab already trains on so defenders get the same AI firepower as attackers. With proprietary code, you're on your own. The biggest risk is someone training a model on your obscure stack and attacking you when no public model exists to defend it.
- AI can now read stripped binaries, so proprietary obscurity barely protects anyone anymore. Most legacy firmware and embedded code is closed, binary-only, and no longer maintained. A huge attack surface that just became legible to AI.
- In a Mythos world, software security becomes a speed race: detection, verification, coordination, patch propagation. Closed-source systems are weaker at all four because they centralize knowledge and action inside a vendor, while open ecosystems distribute both.
- In open source, the defender crowd is usually bigger than the attacker crowd. In closed source, it's the opposite. AI force-multiplication will amplify that imbalance. And when closed-source systems fail, the blast radius tends to be much larger. They sit behind centralized user, customer, and cloud data, while open source more often runs locally with less data concentration.

Let's go open-source!
Quote
clem 🤗
@ClementDelangue
6h
In a mythos world (which we are already in), closed-source projects will be 10x more at risk than open-source projects!