Greg Kroah-Hartman discusses the surprising rise of AI in Linux kernel security and code review. He highlights the shift from low-quality AI-generated reports to useful findings, the collaborative efforts across open-source projects, and the integration of AI tools like Sashiko to streamline the review process.
During a press luncheon at KubeCon Europe, Greg Kroah-Hartman, a long-term Linux kernel maintainer, shared insights on the recent surge in AI's influence on Linux security and code review. Kroah-Hartman, based in the Netherlands, noted a significant shift in the past month, with AI-driven activity 'really jumping' in a way that surprised the open source community. Initially, the team encountered 'AI slop' – low-quality, often incorrect AI-generated security reports.
However, the situation has dramatically improved, with the emergence of credible reports that are significantly more useful. This change has been observed across various open source projects, indicating a broader trend. The reasons behind this shift remain unclear, with possible explanations ranging from advancements in AI tools to a concerted effort by multiple groups to leverage AI for security analysis. The increase in AI-generated reports is particularly noticeable in the Linux kernel community, where a large and distributed team can manage the influx. However, smaller projects may face greater challenges in handling the volume of AI-generated findings, which, unlike the previous 'AI slop,' now identify real vulnerabilities.
Kroah-Hartman emphasized the collaborative nature of open-source security efforts. Security teams across major projects regularly share information and experiences due to facing similar challenges. The tools are getting better. Kroah-Hartman conducted experiments with AI-generated patches, finding that, while some were inaccurate, many identified real problems and offered functional solutions that simply needed human refinement. He emphasized that the tools are improving and the community can no longer ignore this trend. The impact of AI is becoming more pronounced, with developers acknowledging its role in code submissions. While AI is not yet the primary author of core kernel code, it's becoming a valuable assistant in code review and contributing to specific features. Kroah-Hartman believes that AI could already generate dozens of usable patches, particularly for straightforward error conditions. The integration of AI into the kernel's review infrastructure is accelerating, with tools like Sashiko, originally developed at Google, playing a crucial role. This initiative aims to streamline the review process and reduce the workload on human maintainers.
The adoption of AI in the Linux kernel ecosystem has prompted efforts to incorporate AI tools into the review process. This involves integrating tools like Sashiko, which is used on almost all kernel patches, and making it available for public use. The development builds upon previous initiatives by specific subsystems. Kroah-Hartman highlighted the progress made by the networking and BPF teams, which have been using LLM-generated reviews for a while. The direct rendering manager (DRM) community is also contributing to the initiative. These subsystems are now integrating their skills into a common interface, and others are contributing their experiences publicly. This collaborative approach focuses on developing tailored prompts that offer guidance in areas like storage and graphics, leading to a more efficient review workflow. Kroah-Hartman also acknowledged the contributions of Chris Mason, a long-time kernel developer, who pioneered AI-based review workflows for the eBPF and networking teams, which set a precedent for the widespread adoption of AI in the code review process.
