These are the people who killed CentOS.

They know the letter of OSS, not the spirit.

Such is the nature of tools all throughout history. This may be new to you, but it not new at all.

What were they going to be assigned to?

By all means you carry on manually removing individual files if it make you feel smart.

Open source is first simply because it is an easier target for AI to learn on. If it makes you feel better, a lot of the leading IT security experts who follow these things expect over the next couple of years the frontier models are going to get significantly more skilled at reverse engineering closed source binaries. So give it time, you will get your wish. Hopefully most of the open source stuff is gone through by then so we don't have to do it all at once.

OpenSSL too.

At AISLE, we've been testing our AI system against the most secure software projects out there as live targets since late 2025. We did not focus on retrospective benchmarks, toy tasks, or CTF challenges, but on production code that the world critically depends on. We chose this path because no synthetic benchmark faithfully captures the difficulty of earning a real CVE from a well-secured project like OpenSSL, where maintainers are conservative, have limited time, and have every reason to reject every finding that is not absolutely clear cut.

Here's where things stand.

In the latest OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each found and responsibly disclosed to the OpenSSL team during the fall and winter of 2025. Of those, 10 were assigned CVE-2025 identifiers and 2 received CVE-2026 identifiers. Adding the 10 to the three we already found in the Fall 2025 release, AISLE is credited for surfacing 13 of 14 OpenSSL CVEs assigned in 2025, and 15 total across both releases. This is a historically unusual concentration for any single research team, let alone an AI-driven one.

These weren't trivial findings either. They included CVE-2025-15467, a stack buffer overflow in CMS message parsing that's potentially remotely exploitable without valid key material, and exploits for which have been quickly developed online. OpenSSL rated it HIGH severity; NIST's CVSS v3 score is 9.8 out of 10 (CRITICAL, an extremely rare severity rating for such projects). Three of the bugs had been present since 1998-2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from Eric Young's original SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's.

https://aisle.com/blog/what-ai...

The less infrastructure that is actually built the less severe the crash will be. That is actually a good thing.

Are you saying Chrome has no uninstaller?

Did he read the license? Seems odd for a lawyer that he would not even mention this, even if he thinks it does not matter that would be good to know for context.

I really hope you don't consider removing a file the same as uninstalling. Be careful what you call clueless.

There are specific "ethical funds" which you are free to put all your personal pension savings into.

A case could even be made these are the most responsible parents. They know what their kids are doing and are paying attention (as opposed to their kids doing it behind their back, or the parents simply not caring). Good on them.

And as a bonus, the kids are learning at a young age that government is frequently an impediment to life that needs to be worked around. That lesson will serve them well for life.

Unintended consequences are what government does best.

Did not work out so well for Louis XVI either.