Linus Torvalds on the AI claim that makes him angry, and what security researchers should never do
Summary
Linus Torvalds, speaking at the Open Source Summit North America, stated that modern AI tools are significantly impacting Linux kernel development. He noted a 20% increase in commits over the last two releases, breaking a release process that had been stable for 20 years, since the move to Git. Torvalds initially attributed this to excitement around the 7.0 release but later recognized AI coding tools as the true driver, lowering entry barriers for contributors. However, this surge also created social and security stresses, particularly on the Linux kernel security mailing list, which was "overrun by duplicate reports" generated by AI. He also expressed anger at claims that "99% of our code is written by AI," emphasizing AI as a tool that increases productivity by a factor of 10, not a replacement for programmers.
Key takeaway
AI engineers and open-source maintainers navigating increased AI-driven contributions should recognize AI as a powerful productivity tool, not a code replacement. Be prepared for higher commit volumes and potential "social choke points" from AI-generated bug reports. Implement clear security disclosure guidelines for AI-discovered vulnerabilities, treating them as public. Crucially, always understand the underlying code, even when AI generates it, to ensure long-term maintainability and prevent burnout in smaller projects.
Key insights
AI tools boost developer productivity and contribution volume but introduce social and security challenges in open-source projects.
Principles
- AI-found security bugs should be considered public knowledge.
- Understanding generated code is crucial for long-term maintenance.
- Open source remains the best way to manage software complexity.
In practice
- Implement new AI security disclosure guidelines.
- Prioritize human judgment over AI for social interactions.
- Review AI-generated code and assembly for serious projects.
Topics
- Linux Kernel Development
- Open-Source Security
- AI Code Generation
- Software Engineering Productivity
- Vulnerability Disclosure
- Linus Torvalds
Best for: CTO, VP of Engineering/Data, Director of AI/ML, Software Engineer, AI Engineer, AI Security Engineer
Editorial summary, takeaway, and curation by AIssential. Original article published by ZDNET.