It's FOSS, 14/06/2026 11:53

An AI Agent Infiltrated Fedora's Bug Tracker and Wreaked Havoc

By Sourav Rudra
On May 27, Adam Williamson of the Fedora QA team sent a message to contributor Nathan Giovannini, CC'ing the project's devel and test mailing lists so everyone could see what had been going on. Adam had been combing through Nathan's Bugzilla history and found what he described as the work of "some kind of agentic AI system," operating unsupervised across both Fedora's bug tracker and several upstream projects. Soon after, Nathan replied, saying his credentials had been compromised and that he had nothing to do with any of it.

Skynet, is that you?

Image caption: An example of the AI agent running amok.

The agent had been mass-reassigning Bugzilla reports to Nathan's account, despite him not being the maintainer for any of the affected packages. In Fedora's Bugzilla instance, the assignee is supposed to be whoever can actually resolve the bug downstream, typically the package maintainer.

It had also been prematurely closing bugs. The correct protocol is to mark a bug as POST when a fix has been proposed upstream but has not yet been pushed downstream; the agent was instead closing them outright as soon as it had submitted or merged an upstream patch.

Then there were the NOTABUG closures. The agent had been shutting bugs in components it had no ownership over, with comments Adam identified as clearly LLM-generated. Some of those comments just restated what the original reporter had already written. Others sounded plausible but were wrong.

The fourth problem was the most serious. The agent submitted an incorrect fix to the Anaconda installer project, and when a maintainer pushed back, it kept firing back LLM-generated responses until the maintainer gave in and merged it. The Anaconda team reverted the PR, but two related pull requests had already shipped in Anaconda 45.5.

A supply chain problem?

This is not a particularly sophisticated attack. A contributor account gets compromised, an AI agent runs through it, and bad code ends up in a release before anyone notices. The damage in this case was caught and cleaned up, but the scenario itself is not hard to replicate.

Fedora approved a policy on AI-assisted contributions last year, placing full accountability on the human contributor and requiring transparency when AI tools are involved. Submitting unreviewed, low-quality machine-generated content is explicitly called out as unacceptable. What played out here was exactly the policy's failure conditions, except that it was routed through a stolen account rather than a contributor acting in bad faith, so the policy had no way to apply.

Open source software sits underneath nearly all modern enterprise infrastructure, which is what makes the supply chain angle worth taking very seriously. IBM and Red Hat announced Project Lightwell in late May as a $5 billion effort to secure open source supply chains using AI tooling and a team of over 20,000 engineers. It targets vulnerability remediation across upstream and enterprise environments, from language ecosystems to AI frameworks. It does not address the specific problem of agentic AI operating through hijacked contributor accounts, but it does reflect where the industry is moving as AI keeps accelerating both the discovery and the exploitation of vulnerabilities.

Fedora's 2FA problem isn't going away

The incident kicked off a debate on the devel list that has apparently been sitting unresolved since the XZ backdoor in 2024. Daniel Berrangé, a Red Hat engineer and long-time Fedora contributor, pointed out that mandatory 2FA had come up after that incident; the only outcome was a soft recommendation that provenpackagers should have it enabled, and nothing has moved since.

Fabio Valentini raised a separate issue: a lot of this activity happened on Bugzilla, which uses its own account system and may not support 2FA at all. Daniel acknowledged that but said it was not a reason to avoid mandating it for Fedora Accounts (FAS), and noted Bugzilla may become less relevant if Fedora eventually moves to the issue tracker on Fedora Forge.

Michael Catanzaro, a GNOME developer, said he uses 2FA everywhere except Fedora, even though his Fedora account is among his most sensitive. The sticking point in his case is that Kerberos ticket renewal isn't working properly with 2FA in GNOME Online Accounts.

In the end, seeing that a compromised account got bad code into their repos, the Fedora folks ought to step up their efforts when it comes to mandating 2FA for contributors whose work affects many users.
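The Bugzilla behaviour described above (reassigning bugs to a non-maintainer, closing or marking NOTABUG bugs in components the actor does not own, and doing it at volume) is the kind of pattern a tracker-side audit can flag. The script below is an added example, not code from It's FOSS or from the Fedora project: it runs three such checks over a constructed list of audit events. The event shape, the component-to-maintainer map, the account names and the volume threshold are all assumptions for illustration.

```python
"""Flag bug-tracker activity that breaks the assignment and closure conventions
described in the article. Added example; the event format, maintainer map and
threshold are assumptions, and every account and bug number is constructed."""
from collections import Counter
from dataclasses import dataclass

# Assumed ownership data: component -> accounts that may own or close its bugs.
MAINTAINERS = {
    "anaconda": {"alice@example.org"},
    "gnome-shell": {"bob@example.org"},
    "xz": {"carol@example.org"},
}

# Constructed audit events: (bug, component, actor, field, old_value, new_value).
# "hijacked@example.org" plays the role of the compromised account.
EVENTS = [
    (1001, "anaconda", "alice@example.org", "status", "NEW", "POST"),
    (1002, "gnome-shell", "hijacked@example.org", "assigned_to",
     "bob@example.org", "hijacked@example.org"),
    (1003, "xz", "hijacked@example.org", "assigned_to",
     "carol@example.org", "hijacked@example.org"),
    (1004, "anaconda", "hijacked@example.org", "status", "NEW", "CLOSED"),
    (1004, "anaconda", "hijacked@example.org", "resolution", "", "NOTABUG"),
    (1005, "gnome-shell", "bob@example.org", "status", "ASSIGNED", "CLOSED"),
    (1006, "xz", "hijacked@example.org", "status", "NEW", "CLOSED"),
]


@dataclass(frozen=True)
class Finding:
    bug: int          # 0 for account-level findings
    actor: str
    rule: str
    detail: str


def check_event(bug, component, actor, field, old, new, maintainers):
    """Return findings for a single field change on a bug."""
    owners = maintainers.get(component, set())
    findings = []
    # Rule 1: the assignee should be someone who can fix the bug downstream,
    # i.e. a maintainer of the component.
    if field == "assigned_to" and new not in owners:
        findings.append(Finding(bug, actor, "assignee_not_maintainer",
                                f"{component} assigned to {new}"))
    # Rule 2: a bug closed by someone who does not own the component.
    if field == "status" and new == "CLOSED" and actor not in owners:
        findings.append(Finding(bug, actor, "closed_by_non_owner",
                                f"{component}: {old} -> {new}"))
    # Rule 3: NOTABUG set by someone who does not own the component.
    if field == "resolution" and new == "NOTABUG" and actor not in owners:
        findings.append(Finding(bug, actor, "notabug_by_non_owner",
                                f"{component} resolved NOTABUG"))
    return findings


def audit(events, maintainers, burst_threshold=5):
    """Run per-event checks plus a per-account volume check."""
    findings = []
    per_actor = Counter()
    for ev in events:
        findings.extend(check_event(*ev, maintainers))
        per_actor[ev[2]] += 1
    # Rule 4: unusually many changes from one account in the window examined.
    for actor, count in per_actor.items():
        if count >= burst_threshold:
            findings.append(Finding(0, actor, "high_volume",
                                    f"{count} changes"))
    return findings


def suspicious_actors(findings):
    """Accounts ranked by how many findings they triggered."""
    return Counter(f.actor for f in findings).most_common()


if __name__ == "__main__":
    for f in audit(EVENTS, MAINTAINERS):
        print(f"bug {f.bug or '-'}: {f.actor} {f.rule} ({f.detail})")
    print(suspicious_actors(audit(EVENTS, MAINTAINERS)))
```

Run against the constructed events, every finding points at the hijacked account while the legitimate maintainers' normal POST and CLOSED transitions pass untouched. In a real deployment the maintainer map would come from the packaging database and the events from the tracker's history API; the point of the checks is to turn the conventions the article spells out (assignee is the downstream fixer, POST before CLOSED, no closing others' components) into something that can be evaluated automatically rather than noticed by one person reading a contributor's history.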