Open-source maintainers will be overwhelmed by AI-discovered software vulnerabilities
Predictor: Alex Wissner-Gross · ep#234 "Anthropic vs. The Pentagon, Claude Outpaces ChatGPT, and Consulting Gets Replaced" · source
Prediction text
Open-source maintainers will be overwhelmed by AI-discovered software vulnerabilities | It's more often than not some poor, starving open-source project maintainer that's suddenly getting flooded with reports of vulnerabilities in their software project.
Verbatim quote
It's more often than not some poor, starving open-source project maintainer that's suddenly getting flooded with reports of vulnerabilities in their software project.
Calibration plot (stated vs observed)
Evidence about this node from Alex Wissner-Gross is multiplied by κ in /api/intake. Lower κ = less weight; floors at 0.10 (effectively silenced) and caps at 1.00 (full weight).
Reference class
This node isn't linked to a reference class. The Bayesian update applies without outside-view blending.
Probability over time
Milestone chain
- 2025-12-31 · hit · curl maintainer shuts down bug bounty due to AI slop reports · How: Daniel Stenberg or curl project officially closes bug bounty program citing AI-generated low-quality reports · Source: https://www.axios.com/2026/03/10/ai-agents-spam-the-volunteers-securing-open-source-software · conf 95% · Notes: HIT — Stenberg confirmed <5% of 2025 reports legitimate; bounty paused.
- 2026-04-11 · hit · Anthropic Opus 4.6+ discloses 500+ zero-days in OSS libraries · How: Anthropic confirms autonomous AI agent discovered 500+ confirmed zero-day vulnerabilities in open-source codebases · Source: https://www.npr.org/2026/04/11/nx-s1-5778508/anthropic-project-glasswing-ai-cybersecurity-mythos-preview · conf 95% · Notes: HIT — confirmed via NPR/Anthropic Project Glasswing reporting.
- 2026-06-30 · pending · OSSF/CNCF publishes formal AI-SLOP best practices for OSS maintainers · How: Open Source Security Foundation or CNCF publishes official guidance document for maintainers handling AI-generated vulnerability reports · Source: https://github.com/ossf/wg-vulnerability-disclosures/issues/178 · conf 70%
- 2026-06-01 → 2027-06-30 · pending · Open source vulnerabilities exceed 1,000 per codebase average · How: Black Duck/Synopsys or equivalent annual report shows average vulnerabilities-per-codebase doubles again from 581 baseline · Source: https://www.opensourceforu.com/2026/03/ai-generated-threats-push-open-source-security-to-breaking-point/ · conf 55%
- 2026-06-01 → 2027-12-31 · pending · Major OSS project (Linux kernel/OpenSSL/Python) declares maintainer crisis · How: Top-100 OSS project maintainer publicly announces inability to triage AI-generated reports and pauses or restricts contributions · Source: GitHub, project mailing lists, Linux Foundation blog · conf 65%
Evidence chain
Network propagation neighbors
Top incoming (parents)
Edges that influence THIS node's belief
| Kind | Node | Their prob | P(c|s=T) | P(c|s=F) | Δ implied |
|---|---|---|---|---|---|
| prereq | 234_012 Anthropic revenue will cross OpenAI revenue in middle of 202 — Peter Diamandis | 67.1% | 0.500 | 0.050 | -0.074 |
| prereq | SEM_042 2025 will be the definitive year that agentic systems finall — Kevin Weil | 73.8% | 0.500 | 0.050 | -0.045 |
| prereq | SEM_012 Nvidia quadrupled chip production output while only doubling — Jensen Huang | 75.0% | 0.500 | 0.050 | -0.039 |
| killer | TK03 AI Regulatory Moratorium (EU/US Capability Freeze) | 10.0% | 0.050 | 0.500 | +0.032 |
| prereq | SEM_008 Training runs costing $10 billion for a single model will co — Dario Amodei | 76.9% | 0.500 | 0.050 | -0.031 |
Top outgoing (children)
Predictions THIS node influences
| Kind | Node | Their prob | P(c|s=T) | P(c|s=F) | Δ implied |
|---|---|---|---|---|---|
| prereq | 231_013 Math is cooked (will be solved), physics cooked, biology cha — Alex Wissner-Gross | 35.4% | 0.620 | 0.050 | -0.066 |
| prereq | 241_043 ASI will arrive within 2 years to 5 years to this next decad — Peter Diamandis | 35.9% | 0.650 | 0.050 | -0.058 |
| prereq | CMQ_002 By 2028, AI systems will reach 'independent researcher' leve — Sam Altman | 31.4% | 0.550 | 0.050 | -0.055 |
| prereq | 235_030 Ray Kurzweil predicts Longevity Escape Velocity (LEV) by 203 — Ray Kurzweil | 39.2% | 0.750 | 0.050 | -0.050 |
| prereq | 232_055 We're exiting the industrial age permanently as recursive se — Peter Diamandis | 35.5% | 0.700 | 0.050 | -0.033 |
Ticker exposure
Beneficiaries (23)
Adverse (6)
Prerequisites (12)
| Type | Pred | Title | Domain | Lag |
|---|---|---|---|---|
| prereq | 234_012 | Anthropic revenue will cross OpenAI revenue in middle of 2026 | Markets/Stocks | — |
| prereq | 238_009 | Recursive self-improvement is already happening now (no longer three years out) | AI | — |
| prereq | SEM_008 | Training runs costing $10 billion for a single model will commence sometime in 2025. | AI | — |
| prereq | SEM_042 | 2025 will be the definitive year that agentic systems finally hit the mainstream. | AI/Agents | — |
| prereq | SEM_012 | Nvidia quadrupled chip production output while only doubling human headcount — achieved by deploying AI coding tools (Cursor, Claude Code) across engineering. | AI/Manufacturing | — |
| correlate | S_AGI_MID_2029 | AGI mid: Kurzweil 2029 path | agi_general_capability | — |
| correlate | S_AGI_FAST_2027 | AGI fast: drop-in remote worker by 2027-09 | agi_general_capability | — |
| correlate | S_AGI_SLOW_2031 | AGI slow: Schmidt/Hassabis 5-10 year path | agi_general_capability | — |
| correlate | S_AGI_WINTER_2036PLUS | AGI delayed: capability plateau or AI winter | agi_general_capability | — |
| killer | TK14 | Superbubble Pop (S&P 500 -40%, Moonshot Capital Evaporates) | — | — |
| killer | TK01 | AGI Capability Plateau (2026-27 Training Stall) | — | — |
| killer | TK03 | AI Regulatory Moratorium (EU/US Capability Freeze) | — | — |
Dependents (5)
| Type | Pred | Title | Domain | Lag |
|---|---|---|---|---|
| prereq | 235_030 | Ray Kurzweil predicts Longevity Escape Velocity (LEV) by 2033. | Biotech/Longevity | — |
| prereq | 232_055 | We're exiting the industrial age permanently as recursive self-improvement unfolds. | AI | — |
| prereq | 241_043 | ASI will arrive within 2 years to 5 years to this next decade | AI | — |
| prereq | 231_013 | Math is cooked (will be solved), physics cooked, biology char broiled. | AI | — |
| prereq | CMQ_002 | By 2028, AI systems will reach 'independent researcher' level — driving autonomous scientific discoveries without human intervention. | AI | — |
Linked documents (10)
Raw metadata
{
"nia": false,
"url": "https://www.youtube.com/watch?v=dmtvGKuRE64",
"mode": "PREDICTION",
"role": "Host",
"context": "There's a national vulnerability database that's maintained in part by NIST where it's there's a standardized system, a standardized nomenclature for enumerating vulnerabilities that are discovered in software products. And they are getting this is public reporting, public information. They're getting overwhelmed by AI discoveries of software vulnerabilities.",
"to_year": 2026,
"verbatim": "It's more often than not some poor, starving open-source project maintainer that's suddenly getting flooded with reports of vulnerabilities in their software project.",
"conv_cues": "getting overwhelmed",
"direction": "UP",
"from_year": 2026,
"timeframe": "Ongoing",
"conv_level": "HIGH",
"milestones": [
{
"kind": "llm_pre_event",
"label": "curl maintainer shuts down bug bounty due to AI slop reports",
"notes": "HIT — Stenberg confirmed <5% of 2025 reports legitimate; bounty paused.",
"source": "https://www.axios.com/2026/03/10/ai-agents-spam-the-volunteers-securing-open-source-software",
"status": "hit",
"weight": 0.4,
"ordinal": -7,
"source_id": null,
"confidence": 0.95,
"source_url": "https://www.axios.com/2026/03/10/ai-agents-spam-the-volunteers-securing-open-source-software",
"expected_date": "2025-12-31",
"observed_date": "2025-12-31",
"research_origin": "deep_research",
"measurement_criterion": "Daniel Stenberg or curl project officially closes bug bounty program citing AI-generated low-quality reports"
},
{
"kind": "prereq",
"label": "Nvidia quadrupled chip production output while only doubling human headcount — achieved by deploying AI coding tools (Cursor, Claude Code) a",
"status": "hit",
"weight": 0.5,
"ordinal": -6,
"source_id": "SEM_012",
"expected_date": "2026-04-29",
"observed_date": "2026-04-29"
},
{
"kind": "prereq",
"label": "Training runs costing $10 billion for a single model will commence sometime in 2025.",
"status": "hit",
"weight": 0.5,
"ordinal": -5,
"source_id": "SEM_008",
"expected_date": "2026-04-29",
"observed_date": "2026-04-29"
},
{
"kind": "prereq",
"label": "Anthropic revenue will cross OpenAI revenue in middle of 2026",
"status": "hit",
"weight": 0.5,
"ordinal": -4,
"source_id": "234_012",
"expected_date": "2026-04-29",
"observed_date": "2026-04-29"
},
{
"kind": "prereq",
"label": "2025 will be the definitive year that agentic systems finally hit the mainstream.",
"status": "hit",
"weight": 0.5,
"ordinal": -3,
"source_id": "SEM_042",
"expected_date": "2026-04-29",
"observed_date": "2026-04-29"
},
{
"kind": "prereq",
"label": "Recursive self-improvement is already happening now (no longer three years out)",
"status": "hit",
"weight": 0.5,
"ordinal": -2,
"source_id": "238_009",
"expected_date": "2026-04-29",
"observed_date": "2026-04-29"
},
{
"kind": "llm_pre_event",
"label": "Anthropic Opus 4.6+ discloses 500+ zero-days in OSS libraries",
"notes": "HIT — confirmed via NPR/Anthropic Project Glasswing reporting.",
"source": "https://www.npr.org/2026/04/11/nx-s1-5778508/anthropic-project-glasswing-ai-cybersecurity-mythos-preview",
"status": "hit",
"weight": 0.4,
"ordinal": -1,
"source_id": null,
"confidence": 0.95,
"source_url": "https://www.npr.org/2026/04/11/nx-s1-5778508/anthropic-project-glasswing-ai-cybersecurity-mythos-preview",
"expected_date": "2026-04-30",
"observed_date": "2026-04-11",
"research_origin": "deep_research",
"measurement_criterion": "Anthropic confirms autonomous AI agent discovered 500+ confir
... (truncated)