협공 공격 - AI가 오픈 소스를 죽인 방법

The best argument for open source was economic. Don't reinvent the wheel. Use what already exists. Pool effort across organizations. This made sense when building a wheel was expensive â when writing a library took hundreds of hours, when the alternative was paying a team to duplicate work someone else had already done. The cost of production was high, so sharing production made sense. Open source was a rational response to programmer scarcity. AI ended the scarcity. Now the entire open source ecosystem is experiencing a pincer attack: the trust model is collapsing, vendors are cloning entire open source stacks, and individuals are yoinking ideas and having LLMs reimplement what they need from a package without using the package. Recently, LiteLLM, a Python library downloaded over 94 million times a month, was compromised on PyPI. A threat actor pushed malicious versions containing a credential stealer that executes automatically on every Python process startup. You didn't even have to import the library. Just having it installed was enough. The payload harvested secrets, established persistence through systemd, and could laterally move across Kubernetes clusters to deploy privileged pods on every node. The compromised versions were live for three hours before PyPI quarantined the package. Three hours, 94 million monthly downloads, and a maintainer whose GitHub issue about the compromise was closed as "not planned." Open source always ran on trust. You pulled in a dependency and trusted that the author wasn't malicious, wasn't compromised, wasn't having a bad day. You trusted that the community reviewing the code was large enough and competent enough to catch problems. You trusted that the volume of contributions was low enough that humans could actually review them. The intent behind open source contributions is unknowable, and AI makes contributing incredibly inexpensive. A pull request generated by AI looks exactly like one written by a human. A subtle backdoor introduced across three seemingly innocent commits by three seemingly unrelated accounts is now a weekend project for anyone with bad intentions and a prompt. You can't code-review faster than AI can generate plausible-looking attacks. Every company running open source dependencies â which is every company â is now running code from an ecosystem where the cost of contributing maliciously has dropped to near zero while the cost of detecting malice has stayed the same or gone up. This is a supply chain with the locks removed. The same companies that spent years telling programmers to contribute for free are about to discover what happens when anyone can contribute, for any reason, at machine scale. The signal-to-noise ratio in open source is collapsing, and so is the trust model that made the whole thing work. Cloudflare put one developer on the task of cloning Next.js â a framework representing years of work by Vercel and hundreds of open source contributors. It took a week and roughly $1,100 in inference costs. One person, one week, a thousand bucks. That's what years of community effort is worth now when a sufficiently motivated company points AI at your project. They didn't need to fork it, contribute to it, or even engage with the community. They just rebuilt it. And they have every right to â the code was open, the LLMs learned from it, and now the economics favor cloning over collaborating. Andrej Karpathy â the guy who coined "vibe coding" and now apparently "yoinking" â recently laid out a philosophy of writing code like bacterial genomes: small, modular, self-contained. His test for good code? "Can you imagine someone going 'yoink' without knowing the rest of your code or having to import anything new?" The anti-dependency model. When AI can read a library, understand the three functions you actually use, and rewrite them inline in your project in seconds â why would you ever pip install anything? You don't need the package. You don't need the maintainer. You just need the idea, and the LLM extracts it for you. You wrote a library because you hit a problem and thought other people probably hit it too. You published it. People started using it. Then a lot of people started using it. It felt great. Then you started getting issues at 3 a.m. from people who didn't read the README. Unpleasant emails from people who talked to you like you owed them something for using your code. Then came feature demands from billion-dollar companies who never sent you a dime. You kept going because you felt that there was a social contract: community, contributions, reputation, maybe a job offer. Downloads are dropping. Not because your library got worse. It's Yoinkers taking your ideas into their own code. Some published their own version of your library but left your contact information in the README, now you are getting demands to fix things you didn't break, things that are not even in your library. The PRs have tripled, and tripled again. Everybody with a