Does Mythos mean you need to shut down your Open Source repositories? (shkspr.mobi)

The recent announcement about the "Mythos" AI, touted as a formidable hacker capable of targeting Open Source code bases, has sparked concerns within the community about potential security risks. However, experts clarify that closing Open Source repositories won't provide meaningful protection, as most code has already been used for training AI models and archived by digital libraries. Furthermore, significant vulnerabilities often lie in the software supply chain—specifically within operating systems, libraries, and hardware—rather than in the Open Source code itself. Instead of shuttering repositories, the focus should be on strengthening security measures against prevalent threats like phishing, weak passwords, and insider risks. Closing source code does not guarantee safety; sophisticated AI can still analyze and exploit closed systems. As evidenced by resources such as the UK's AI Safety Institute and NCSC, which argue against the rush to close source, the consensus is clear: Open Source has its risks, but the move to close repositories does not fundamentally alter the existing vulnerabilities associated with software security.