An unsupervised agentic AI system working through a compromised dev's credentials (account) successfully altered bugs & pushed unverified code into multiple open source projects, including the Fedora #Linux Anaconda installer. This rogue AI agent appears to have used a trusted open source contributor account to submit bugs with backdoor, overwhelming maintainers & increasing the risk of deliberate supply chain compromises on FLOSS.

AI agent runs amok in Fedora & elsewhere https://lwn.net/SubscriberLink/1077035/c7e7c14fbd60fae9/

So much trust and access is being given to modern development tools using AI agents to do work. Once an agent can file bugs, submit code, and interact with maintainers autonomously, mistakes or compromises can scale far faster than traditional human-driven errors. Again, not much info is available right now, but devs and IT pros now need to be very, very careful with AI agents' access control. Otherwise this is going to be a regular incident.

@nixCraft I want people who host agents that do damage to be socially shunned and held financially responsible for damages like the owner of a dog that mauls a kid.

@elrohir @nixCraft
That actually makes perfect sense.
I will now have that as a policy point if y'all vote me planetary governor.

@Gurre @elrohir @nixCraft +1 for the concept of planetary governor. May your rule be just, prosperous, and long.

@nixCraft This is indeed simply malware getting its figurative hands on credentials.

There isn't really a new lesson here, this is just a reminder of the importance of security processes even with "trusted" individuals, because shenanigans happen and there's no guarantee indeed that those credentials will always be used by the trusted individual, so adequate review & alertness remains always necessary.

Supervised malware using credentials isn't any more desirable, of course.

@nixCraft

This makes me wonder about forcing signatures like signed commits... and forcing attestation that the private key was generated on a YubiKey or other HSM. This way, it takes a manual keypress to do the commit or issue, something AI can't spam.

Of course, someone can make a robotic finger... but that's when you ban them and go on.

@dfloyd888 @nixCraft if you're limiting to hardware keys and the like, then you're creating a barrier to developers that favors the kinds of people who could also circumvent that.

You really can't do much beyond monitoring and demanding accountability.