Open source is dead now?

AI Summary

The video discusses the alarming decision by Cal.com, a prominent open-source alternative to Calendly, to close its core codebase, a move that deeply concerns the presenter, Theo. Cal.com, historically a prime example of a full-stack TypeScript application, cited the rapidly changing security landscape due to AI as its primary reason, stating that AI can now automate code exploitation at scale, turning transparency into exposure. Theo, a strong advocate for open source, reveals he was aware of Cal.com's internal deliberations and had hoped to prevent this change. He explains that AI significantly lowers the bar for finding software exploits by reducing the need for deep domain-specific knowledge and even some security expertise, making it possible for many more individuals to discover vulnerabilities. This shift is exemplified by Anthropic's Mythos LLM, which found a 27-year-old vulnerability in OpenBSD, one of the most secure codebases globally, by systematically scanning source code. The presenter introduces the concept of 'cybersecurity as proof of work,' where securing systems becomes a battle of who can spend more computational resources (tokens) to find exploits versus attackers. He highlights a report from the AI Security Institute supporting Mythos's advanced capabilities in corporate network attack simulations, noting that each attempt cost $12,500 in tokens and showed no diminishing returns. Theo criticizes the attitude of some open-source projects, like FFmpeg, for dismissing security reports as 'CVE slop,' arguing that such resistance will only make them targets. He concludes by expressing his disappointment but understanding of Cal.com's decision, fearing it's a precursor to more projects closing their source, and urges continued support for open source to prevent a future where fear-mongering kills the movement.

Claims Extracted (11)