Trusting AI is dangerous. It’s time for an open-source revival

I have always respected the ideals of open source software. The community engaged in these services and programs demonstrates an incredible and noble dedication to following the ins and outs of the code. But until recently, I generally viewed an open source philosophy as a bonus, nice to see but not very influential in deciding what to use.

But AI has changed much of my perspective, including the extent to which closed source code should be trusted. Before, I made my choices based on features and interfaces. Now I’m much more aware of the fact that if you don’t know what’s in the code, you don’t know what’s actually going on.

The time I spend on cybersecurity continues to drive home this point. You’re probably aware of attacks like malicious browser extensions that perform their advertised function, but also change URLs or spy on your browsing in the background. Unless you use code or work in cybersecurity, you won’t know about it until someone else discovers the duplicity. AI can trap you in a similar situation, but with a wider range of potential problems and much greater potential damage.

AI models can be manipulated and tricked, or even trained to be downright “evil.” While attending this year’s RSAC 2026 and B-Sides cybersecurity conferences, I learned how AI can end up paying companies, making unauthorized purchases, and even handing over control of a Google account to an attacker. And when I asked one of the presenters how consumers could detect and prevent these things from happening, he said we couldn’t do it. No, unless you’re a security researcher (or a sufficiently competent person who digs into the code itself), like with these malicious browser extensions.

Of course, open source cannot directly solve all of these problems. But this problem with AI sucks, and if I have to make recommendations to others about which services to use (if I myself need to be sure that the data I share or upload will be processed correctly), I prefer to rely on options where the code can be seen and verified publicly.

Skymatics

I know I am not alone in this thought; the open source community exists for a reason. But what is new is the current technological landscape. This made open source seem important to people like me who didn’t pay much attention to it before…and also a priority to people in unexpected places. During an interview with Microsoft at RSAC 2026, the person responsible for pentesting (the art of attacking computer systems to see what vulnerabilities exist) also highlighted the importance of open source code, that it is fundamental at this point in history.

AI is a tool, of course. But it both accentuates and accelerates the change in how we interact with technology. We, the users, have less and less control over the applications and services in our lives. The era of buying one-time and waiting for reliable software is all but over. Now you can go to sleep one night and wake up the next night to compromised software, and you probably won’t know until someone else tells you. And yes, this Microsoft security expert, optimistic about open source, is the same person who advises evaluating AI not on what it is, but on who built it. It’s good advice, but let’s be real: trust only goes so far. People make mistakes all the time.

So now I’m starting to think about software and services in the same way that people who buy organic produce and scan ingredient lists do. I not only consider the origins of an application or service, but also what could be dangerous there. And I can’t know that if it’s not available for review – which is the point the open source community has been making for decades. And rightly so, it seems.

In this episode of The Full Nerd

In this episode of The Full Nerd, Adam Patrick Murray, Alaina Yee, and Will Smith discuss AMD’s reveal of the Ryzen 9 9950X3D2 and Adam’s experience testing Nvidia’s DLSS 4.5. While discussing Team Red’s new flagship chip, I make an update on its target audience which is quickly cited in the video’s comments. With broad artistic license. Very wide.

But as surprising as a dual 3D V-Cache chip is, especially after AMD’s initial reluctance towards such a chip, our team also had a bonus launch this week. You should check out one of our audio streams for the show, that’s all I’m saying.

Foundry

Did you miss our live? Subscribe now to The Full Nerd Network YouTube channel and enable notifications. We also answer viewers’ questions in real time!

Don’t miss our other shows either: you can watch episodes of Dual Boot Diaries, The Full Nerd: Extra Edition and Expedition: Handheld through our channel!

And if you need more gear talk during the rest of the week, join our Discord community: it’s full of cool, laid-back nerds.

This week’s lighter nerd news

After a week of learning how technology is vulnerable to all sorts of malicious attacks, I needed a break from the gloom and doom. And you know what? The news cycle delivered, much to my surprise. There’s a potential payoff for LastPas’s truly disastrous data breach in 2022, someone got a badly damaged (for the most part) 5090 back up and running, and Linux’s market share doubled.

Additionally, software pirates showed that they too had security standards, which was refreshing.

Ubisoft

• Even pirates may have said no: A new solution for games with Denuvo anti-piracy DRM is so risky that even those who steer ships on the high seas have warned of the dangers.

• No thanks: Perplexity is accused of sharing chat information during incognito sessions with Meta and Google. I’m not saying I believe the claims as a whole, but given everything about AI and security right now, the idea of ​​such sharing puts AI integrations with browsers in a different light for me.

• It actually works: Claude apparently monitors user statements. But instead of being scared by this, I can’t help but think about what I once heard from a member of the Google Assistant team. They suggested they heard a lot of swearing in the voice recordings. A lot. It’s all part of the improvement process, I suppose.

• Never thought about it: Ars Technica this week got me thinking not only about huge dragonflies, but also about the possibility of dealing with pigeon-sized insects. (No.)

• Ouch: The once ultra-affordable Raspberry Pi has seen dramatic price increases since the start of the year: the Raspberry Pi 500+ now costs $150 more.

• Thanks, I Hate This: Apparently the AI ​​industry’s demand for servers has further encroached on gaming: a title, Storm dooris going to discontinue multiplayer for its game (at least for now), because its server provider was sold to an AI company.

GIPHY

• There are dozens of us: I know there are millions of us. And I probably should have said “you” since I haven’t officially joined the Linux bandwagon yet. But this meme seems accurate in its vibe, even with this news of its market share doubling. (I say this with love, I promise.)

• What a save: This 5090 may not be in as pristine condition as when it shipped from the factory, but smart modders saved it from the trash with jumper cables and a custom BIOS. (This story is also a good reminder that sometimes inexpensive support can save you a lot of heartache.)

• No more xxKillerxx: you can finally change your Gmail address. Celebrate, for now we older folks no longer have to abandon accounts created in our teens and 20s.

• The LastPass violation settlement is real: The terms are surprisingly complex about who can file a claim and for what types of claims, but I’ve written an overview of the details. Up to a third of the nearly $25 million will go toward legal and other costs, so don’t expect much if a court approves those terms in July.

• This makes sense to me: Sweden’s return to analog textbooks may be controversial for some, but I find the evolving data on how humans learn best to be a particularly relevant point in today’s digital-driven world.

Y’all, it’s Easter this weekend. You know what that means: candy sales. And yes, I’m willing to defend my inexplicable fondness for Peeps. Come see me on the Discord server about colorful marshmallows in the shape of bunnies. It won’t change that I bought a pack. Or three.

See you next week!

Alaina

This bulletin is dedicated to the memory of Gordon Mah Ungfounder and host of The Full Nerd, and Hardware Editor at PCWorld.