Welcome to the strip mining era of open source security

Open-source software is facing increased scrutiny in 2026 due to advancements in automated security vulnerability scanning powered by large language models (LLMs), leading to a surge in the discovery of security issues in public code. This has resulted in a significant rise in the number and quality of vulnerability reports, as observed by companies like Metabase, which went from receiving a few reports per month to several per week, many of which are credible. While these developments enhance the security of open-source software by uncovering hidden flaws, they also create challenges for maintainers, who must address vulnerabilities quickly to prevent potential exploits. The landscape is rapidly changing, with many new SaaS services offering scanning solutions, and companies may consider going closed source to manage security risks more effectively. As coding agents become more adept at identifying vulnerabilities, both open and closed-source developers need to prioritize frequent security patches and adopt a proactive approach to mitigate potential threats.