Comment by PurpleRamen
6 days ago
Good-enough AI is not cheap (yet). So at the moment it's more a scenario for people who are rich enough. Though small projects with little maintenance burden might be at risk here.
But thinking about it, this might be a new danger that gets us into another xz-utils situation. The big malicious actors have enough money to waste and can scale up the number of projects they attack and hijack, or even build themselves.
XZ Utils is EXACTLY what came to mind for me.
That exploit/takeover happened precisely because an angry user was bullying a project maintainer, and then a "white knight" came in to save the day and defend the maintainer against the demanding users.
In reality, both the problem and the solution were manufactured by the social engineer, but bullying the maintainer was the vector that this exploited.
What happens when agents are used to do this sort of thing at scale?