AI-based security research has thrown the open-source community into turmoil and created a flood of vulnerability reports that maintainers struggle to manage. But what can the open-source community do to better protect and prepare itself against the threat of models like Mythos that find exploits faster than maintainers can fix them? Jonatan Männchen, the CISO of the Erlang Ecosystem Foundation (EEF), and Peter Ullrich, the appointed AI Security Engineer of the EEF, share their experiences of finding, reporting, and fixing close to a hundred severe vulnerabilities in the top 1000 most downloaded Hex packages. They will show how open-source communities can adapt to this new reality, turn better vulnerability detection into a strength, and build processes that make security work more scalable for everyone.
Target Audience:
- Developers, maintainers, and technical leads in the BEAM ecosystem, especially those maintaining Hex packages. No AI or security research background required.