AI Mining Open Source Code for Zero-Day Vulnerabilities

Security researchers are detecting a new attack pattern in which AI systems systematically scan public code repositories to identify exploitable vulnerabilities before patches exist, turning open-source transparency into a liability. The traditional assumption that "many eyes make all bugs shallow" now competes with the reality that automated vulnerability hunting operates faster than human-driven disclosure cycles. Enterprises running popular open-source dependencies face the highest risk, because the window between AI discovery and weaponization may shrink below the time needed for coordinated patching.