Linux Maintainer Greg Kroah-Hartman Says AI Tools Now Useful, Finding Real Bugs
- Initially, AI-generated security reports for Linux were low-quality "slop," which was more amusing than concerning for kernel maintainers.
- Recently, there has been a significant shift with AI producing real, high-quality bug reports and security findings, impacting all open-source projects.
- The cause of this improvement is unclear; it may be due to better tools or increased attention, but the scale of AI contributions is growing steadily.
- While AI primarily assists in code review, it is starting to generate usable patches, though human cleanup and integration are still required.
- Tools like Sashiko, now a Linux Foundation project, are being integrated to help manage AI-generated patches and provide equitable access across subsystems.
- AI reviewers offer faster feedback on obvious issues, speeding up the development cycle, but they also increase the review burden for maintainers.
- Efforts are underway to create tools that help maintainers handle the influx of AI-generated content, emphasizing collaboration across open-source projects.
- The challenge is to leverage AI as a force multiplier without overwhelming maintainers, as AI both introduces new vulnerabilities and aids in managing them.