Open source software is everywhere, used in almost every modern application, but the security challenges it faces continue to grow more serious. Because the ecosystem relies on a backbone of volunteers, its vulnerabilities make it a prime target for cyberattacks by both criminal hackers and state actors. The close call with the xz Utils backdoor highlights just how fragile open source security can be. With open source tools being crucial to both private companies and governments, greater investment from both the public and private sectors will be required.
Much of the internet’s crowdsourced code is vulnerable to infiltration by bad actors and nation-states. Open source software sits at the “heart of the internet,” yet it is largely maintained by a handful of volunteers, and that makes it a major security risk for corporations and governments alike, The Economist reported. Open source software is commonly deployed across digital infrastructure because of its low cost, and that infrastructure, embedded throughout the digital world, is under attack by hostile nation-states.
Martin Woodward, VP of developer relations at GitHub, previously said, “Open source software is the foundation of 99% of the world’s software.” Around 97% of applications utilize open source code, and 90% of companies incorporate it in some capacity.
What the last year has shown in open source security
The xz Utils incident was a chilling example of what’s at stake. On March 29, 2024, Andres Freund, a software engineer at Microsoft, “inadvertently found a backdoor hidden in a piece of software that is part of the Linux operating system.” The compromised code belonged to xz Utils, an open source data compression utility used across Linux systems: the project’s release tarballs had been tampered with, allowing unauthorized access to systems running the affected versions. The New York Times wrote that the engineer prevented a “potentially historic cyberattack.”
Since xz Utils is open source software, its code is publicly accessible, allowing anyone to view the changes made. However, this openness was exploited in a particularly sneaky manner: the attack targeted only the code in the release tarballs (the compressed archives distributed for a software release), leaving the main branch of the repository untouched. This tactic made the compromise far harder to detect. Without the vigilance of one developer and a stroke of luck, the attack could have caused massive harm, breaching countless systems worldwide.
A developer named Jia Tan began making helpful code contributions to the project, slowly earning trust, and over time smuggled in malware. One of the most surprising elements of the xz Utils backdoor was how the malicious code was introduced through seemingly harmless git commits. Instead of altering the xz Utils source code directly, the malware was concealed as x86_64 object code within binary test files, disguised as unit tests for edge cases in XZ decompression. Russia’s foreign intelligence service, the SVR, which is suspected of being behind the attack, is the same agency responsible for the SolarWinds attack.
This incident is not isolated. Open source projects are attractive targets for state actors because the code is public. While this openness is great for collaboration, it also gives attackers easy access to study the code and its updates. Open source plays a vital role in global infrastructure: a 2023 report from Lineaje found that 70% of all software today is open source and that 82% of open source software components are “inherently risky.” Its ubiquitous use makes those vulnerabilities all the more dangerous.
That riskiness stems from poor maintenance, outdated code, and security flaws. Many of these projects are run by small teams or individual volunteers with limited resources, leaving them vulnerable to attack.
How AI will play a greater role
Adding to these risks is the rise of large language models (LLMs). While LLMs help developers with tasks like debugging or automating workflows, they can also be misused. Attackers can use LLMs to quickly analyze open source code for vulnerabilities, making it easier to find exploitable flaws. These AI tools can also craft convincing phishing messages or fake contributions to open source projects, making it harder to spot bad actors. And the ability of LLMs to mimic human interaction increases the chances of malicious code slipping through unnoticed, since phishing and other attack vectors can now be automated.
Despite the risks, LLMs also offer opportunities to improve open source security. For example, AI systems could flag suspicious changes in a codebase or detect unusual patterns in contributor behavior. There is a balance to strike, however, since such tooling can be cost prohibitive: companies are unlikely to fund LLM-based analysis of open source code that has no budget of its own. Open source LLMs also “benefit from the fast-growing base of developer communities pushing their boundaries and scaling daily to solve complex cybersecurity challenges.”
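As one illustration of what “unusual patterns in contributor behavior” might mean in practice, here is a deliberately simple Python sketch of heuristic commit screening. The thresholds, flag names, and file patterns are all invented for the example; a real system would learn per-project baselines rather than hard-code rules.

```python
from dataclasses import dataclass

@dataclass
class Commit:
    author: str
    files: list[str]           # paths touched by the commit
    author_prior_commits: int  # how many commits this author already has

def risk_flags(commit: Commit) -> list[str]:
    """Return heuristic warning labels for a commit; thresholds are illustrative."""
    flags = []
    # Opaque binary blobs are effectively unreviewable; the xz backdoor hid
    # object code inside archives presented as decompression test inputs.
    if any(f.endswith((".xz", ".bin", ".o", ".lzma")) for f in commit.files):
        flags.append("touches-binary-file")
    # A relative newcomer editing the build system deserves a closer look,
    # since build scripts are where the xz payload was activated.
    if commit.author_prior_commits < 20 and any(
        f.endswith((".m4", "configure.ac", "Makefile.am")) for f in commit.files
    ):
        flags.append("new-author-edits-build-scripts")
    return flags
```

Rules this crude would produce false positives on any real project; the point is only that commit metadata, not just diff contents, carries signal a reviewer or an LLM-assisted tool can weigh.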
However, the same technology that strengthens defenses can also be weaponized. Deploying an open source LLM on a server or in a cloud environment introduces the risk of unauthorized access to the model or the sensitive data it handles, if there are not proper security controls in place. Malicious actors can tamper with training data or the model itself, injecting harmful code or biases that result in misleading or malicious content. Additionally, improperly secured LLMs may leak sensitive information, either through generated text or attacks targeting the model’s architecture.
What was once accomplished against a single repository, as with xz Utils, could soon be scaled across hundreds by a single individual leveraging advanced GenAI tools over the next few years, and this shift has likely already begun. The barrier to entry has dropped dramatically, from requiring nation-state-level resources or extreme dedication to something that can be mass-produced. It’s entirely plausible that in the coming years, the majority of small or minor updates to repositories will be generated by GenAI.
While meaningful, high-quality development contributions remain a different challenge, the role of maintainers may shift as well. Instead of being skilled developers actively contributing code, maintainers might increasingly be those who excel at managing grunt work and presenting an image of helpfulness, leaving the more complex or innovative tasks to a smaller group of dedicated developers.
AI eroding trust
Traditional phishing attacks focus on obtaining a company’s internal directory and targeting key individuals—or those they trust. With NPM’s extensive dependency ecosystem, which is publicly accessible, attackers have a different angle. They can identify the small number of maintainers for a given package, assess the backlog of issues, and use that information to deploy bots that appear helpful by contributing fixes or offering assistance. This creates an avenue for gaining trust and embedding themselves within the development process.
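The maintainer information attackers mine here is the same data defenders can use to find single points of failure. The npm registry’s package metadata includes a `maintainers` list; the sketch below operates on such a document once fetched (for example, via an HTTP GET against `https://registry.npmjs.org/<package>`). The threshold and function names are my own, chosen for illustration.

```python
def maintainer_count(registry_doc: dict) -> int:
    """Count maintainers in an npm registry package document."""
    return len(registry_doc.get("maintainers", []))

def low_bus_factor(registry_doc: dict, threshold: int = 2) -> bool:
    """Flag packages kept alive by `threshold` or fewer people (threshold is arbitrary)."""
    return maintainer_count(registry_doc) <= threshold

# Fabricated sample resembling a registry response; a real document would
# come from the registry itself.
sample_doc = {
    "name": "example-compression-lib",
    "maintainers": [{"name": "solo-dev", "email": "dev@example.com"}],
}
```

Running this across a dependency tree gives a rough map of which transitive packages rest on one or two volunteers, which is exactly the attack surface the bot-assisted trust-building described above would target.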
The best fake identities are crafted with real-world data, enriched over time through social media posts, academic records, and more. A convincing fake ID includes a detailed backstory, complete with photos, connections, and an online presence. GenAI simplifies the creation of these identities, while also enhancing them by simulating coding activity on platforms like GitHub.
Many early contributions to open source projects are small and easy to verify—like fixing typos in comments or updating dependencies. These activities are ideal for attackers using LLMs, as they can be automated at scale. This enables the creation of hundreds of fake identities, each with LinkedIn profiles, social media accounts, and GitHub histories containing thousands of minor but legitimate contributions.
These identities can participate in multiple projects, potentially overlapping, and build a track record of helpfulness. Over time, a malicious actor might use one of these identities to submit more critical contributions. Even these contributions may initially appear valid and beneficial. In coordinated efforts, such as those by nation-states or hacker collectives, one identity could bolster the credibility of another, reinforcing a narrative or gaining influence.
We’ve already seen examples like the xz Utils incident, where multiple identities were used to manipulate trust. When the attack was exposed, those identities were discarded. In manual operations, losing such assets would be costly. However, with GenAI, generating new identities comes at minimal expense, significantly lowering the stakes for attackers.
Supply chain attacks will grow
A recent software supply chain attack targeted the popular @solana/web3.js npm library, which is widely used for building Solana-based applications, compromising versions 1.95.6 and 1.95.7 with malicious code that stole users’ private keys and drained cryptocurrency wallets. The attackers used a phishing campaign to gain publish access and inject a backdoor function that exfiltrated private keys via legitimate-looking Cloudflare headers. The affected versions have been removed, and users are urged to update to version 1.95.8 and consider rotating their keys to mitigate the risk.
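The standard response to an advisory like this is to scan lockfiles for the known-bad versions. A minimal Python sketch, using the version numbers reported for this incident; the function name and the flattened lockfile shape are simplified for illustration:

```python
# Versions reported as malicious in the @solana/web3.js advisory.
COMPROMISED = {"@solana/web3.js": {"1.95.6", "1.95.7"}}

def compromised_deps(pinned: dict[str, str]) -> list[str]:
    """Return 'name@version' for each pinned dependency on the known-bad list.

    `pinned` maps package names to exact resolved versions, the way a
    lockfile does after flattening.
    """
    return sorted(
        f"{name}@{version}"
        for name, version in pinned.items()
        if version in COMPROMISED.get(name, set())
    )
```

Exact-version matching is the right model here: semver ranges in a manifest say nothing about what was actually installed, which is why advisories are checked against resolved lockfile versions.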
Software supply chain attacks are expected to increase in 2025 due to the growing reliance on open source libraries and the rise of sophisticated attack methods like phishing and social engineering. According to a study by Synopsys, vulnerabilities in open source software are steadily increasing. Additionally, the deepening integration of open source tools into enterprise systems gives attackers a higher return on investment, making such breaches even more attractive to both cybercriminals and state-sponsored actors.
Influence of state actors and targeting of volunteers
The xz Utils incident, much like the SolarWinds attack, serves as a wake-up call, highlighting the need for greater investment and collaboration between the public and private sectors to secure open source software and preserve its value as a digital public good. Companies that benefit from open source tools need to step up and support these projects. This support can include funding, providing developer time, or offering security expertise. Open source projects also need better governance, such as stricter code review processes and shared responsibility for updates. Faster patching of vulnerabilities is another priority, as delays leave systems exposed to attacks for longer periods.
State actors remain one of the biggest threats. Open source software offers them a low-cost, high-reward target for espionage, sabotage, and disruption. The SolarWinds attack, although involving proprietary software, is a prime example of how damaging these supply chain breaches can be.
Attackers will likely continue to target individual maintainers more frequently, using advanced social engineering tactics to compromise projects. AI tools will continue to enhance both the attackers’ and defenders’ capabilities, creating a race to stay ahead of new threats. Governments are also likely to get more involved, helping promote public-private partnerships to improve security across the wider ecosystem. At the same time, stricter regulations may be introduced, pushing companies to take more responsibility for the open source components they use.
When it comes to the SolarWinds incident, whether it has faded from memory depends on the perspective. While public attention may have shifted, government officials and cybersecurity experts remain focused on applying the lessons learned. Much of the ongoing work in software supply chain security, such as OpenSSF initiatives like SLSA and GUAC, is a direct response to the need for stronger defenses, driven by agencies like CISA. Progress has been slow, however, and not all organizations have adopted these protections. The federal government itself is one of the largest consumers of open source software and will continue to increase its involvement in the space.
While these efforts continue behind the scenes, the incident’s impact may not have fully resonated with the general public, especially among independent or hobbyist software developers who may not fully grasp the broader implications.
Ultimately, as expert Michal Zalewski noted, “The bottom line is that we have untold trillions of dollars riding on top of code developed by hobbyists.” This underscores the possibility that other backdoors may still be lurking, undiscovered, within the critical software that forms the backbone of the internet.
While identifying vulnerabilities is a concern, the larger issue lies in the erosion of trust within open source ecosystems. Open source thrives on the contributions of faceless developers who work in good faith, often without direct interaction or verification of identity. GenAI undermines this foundation by making it feasible for many of those faceless contributors to be entirely fabricated.
Phishing attacks are already dangerous because they exploit trust rather than breaking through technical defenses—they trick individuals into executing malicious code in a trusted environment. GenAI amplifies this risk by enabling attackers to embed malicious code into trusted open source packages under the guise of legitimate contributions.
This will likely spark a race between malicious actors using GenAI to infiltrate projects and defensive tools leveraging GenAI to detect and counter vulnerabilities before they can be exploited. The question then becomes whether trust in open source can survive in a world where contributors may increasingly be indistinguishable from AI-driven imposters.
As we enter 2025, open source software is at a critical point. The threats are becoming more sophisticated, driven by state actors, the misuse of AI tools like LLMs, and a focus on supply chain interference to inflict maximum damage. However, with proactive measures, greater investment, and shared responsibility, it’s possible to create a future where open source continues to thrive as a force for innovation and progress, rather than a vulnerability waiting to be exploited.
About the Author
David Kirichenko is a security researcher and freelance journalist. He writes about crowdsourced cyber warfare, espionage, hackers, and open source security. He is on X at @DVKirichenko.