Looks like the AI companies have finally run out of money as they are asking various open source projects to test their closed source products for them for free. What could go wrong with giving access to an unknown tool to private code repos?

If I didn't know better, I would think this is an elaborate phishing scam, or they have run out of data to scrape and need more training material.

Gotta admire their brazenness...

@gregkh I've noticed a lot of so-called AI startups have products which are basically "give us read access to all your code" and it will be like 2 Chinese, Indian or Russian male names plus an LLM as the ostensible authors. oh heck no....

Curiosity got the best of me, and I clicked on the links and this just looks like an OpenAI "sales funnel", which is pretty hilarious when you consider the target was open source security teams, none of which could ever fill out these types of forms without flat out lying.
@gregkh I found out at some point that most/many people in Enturprise believe that open source is basically just a type of company/job (which explains why they're so willing to act like the issue tracker is their personal customer support)
@gregkh they are asking you to test their new security issue finder on open source software. is your post a hallucination?

@gregkh „the company“😅


@gregkh That's ... a lot. A lot "lack of thought given", I mean.

I'm pretty sure even their own tool would inform them about many ways this is not great.

(Advanced pattern recognition may even be actually useful in security engineering. But, uh, I'd prefer that to not come from the oligarch-kleptocracy.)


But many so-called FOSS supporters also love vibe coding, and are proud to share their AI-generated spaghetti code.
@gregkh

@lain I wish I was hallucinating this timeline, that would make me much happier as I would know I could just sober up and it would all be over.

@gregkh I'm sure that @bagder can't wait to sign up for this great opportunity!


@gregkh @gunchleoc we don't have closed source. They already train on all our code...


@gregkh something like half of all the AI startups have to exit by end of 2026 - to break even or make a little money - the days of infinite cash ended in 2025 ... the big entities will rationalise a new sector has been made. They will not fail but stock will be corrected. After all this we can have saner conversations.


@gregkh they can go play in a fire


@gregkh "free during the evaluation periods" so you gotta put in a credit card? 🤣


@gregkh

👉 "a handpicked group of non-commercial Open Source maintainers"

👉 looks inside

👉 "What is your company's full, legal name?"

Great job, guys. 🤦


@gregkh I bet this is a clever way to avoid the pain and suffering of coordinating vulnerabilities while still wanting the attention

LLMs can find vulnerabilities, but then it takes enormous efforts to patch and coordinate the vulnerability

Unless you Tom Sawyer the project into doing it for you


@gregkh already!!!

Can I post this on one of the other platforms? Not sure which yet. LinkedIn?
