The Chonkerton

Patching ~All Security-Relevant Open-Source Software? [niplav 2025]

tech

A LessWrong post by niplav, also highlighted on the Effective Altruism Forum, asks a deceptively simple but urgent question about using artificial intelligence to address security vulnerabilities across open-source software: if AI can systematically patch critical bugs in foundational code, who actually pays for it? The post uses cost modeling to estimate the token expenses (the actual dollar cost of the API calls) required to run AI assistants that fix security issues at scale across the ecosystem. The uncomfortable answer: right now, nobody. Such work is either done by volunteers or not done at all. The analysis connects to broader discussions of AI-assisted infrastructure maintenance and cybersecurity resilience, and it exposes a fundamental tension: the technical capability to dramatically improve open-source security now exists, but no economic model funds it systematically. The obstacle is less a technical one than a matter of governance and funding.

Source: https://www.lesswrong.com/posts/BKtMdJ2t5XF2wyvH2/patchin...
