ZDNET's key takeaways
Used correctly, AI, as with Anthropic and Mozilla, can help open source.
Used badly, as with Google and FFmpeg, AI hurts open source.
Linux is using AI to handle many boring but necessary tasks.
Recently, there was some great news about AI and open source: Anthropic's Claude Opus 4.6 AI is helping clean up Firefox's open-source code. According to Mozilla, the parent company of Firefox, Anthropic's Frontier Red Team found more high-severity bugs in Firefox in just two weeks than people typically report in two months. Mozilla proclaimed: "This is clear evidence that large-scale, AI-assisted analysis is a powerful new addition in security engineers' toolbox."
That's great, right? Right!? Well, not so fast. There's another, darker side to the use of AI in open-source software. Daniel Stenberg, creator of the popular open-source data transfer program cURL, has pointed out that his project has been flooded with bogus, AI-written security reports that drown maintainers in pointless busywork.
Mozilla knows about this issue. Brian Grinstead, a Mozilla distinguished engineer, and Christian Holler, a Mozilla principal software engineer, wrote, "AI-assisted bug reports have a mixed track record, and skepticism is earned. Too many submissions have meant false positives and an extra burden for open-source projects."