Y2K 2.0: The AI security reckoning

LLMs are rapidly accelerating the discovery and exploitation of software security vulnerabilities, creating a crisis analogous to Y2K. AI coding agents can find hundreds of times more vulnerabilities than previous tools, chain them together in novel ways, and enable highly personalized attacks at scale. Open source projects face a double threat: being flooded with AI-generated slop code submissions while simultaneously having their codebases scanned for exploits. The US regulatory response is hampered by political dysfunction, leaving the burden on private sector collaboration, academia, and local governments. The author argues that every substantial codebase in production today should be assumed exploitable, and that fundamental assumptions about software development, code sharing, and trust in the supply chain must change.