AI vs. Shadow Patches: Exposing Open-Source’s Hidden Security Gaps

BSides SF 2025 featured an AI tool that scans open-source software (OSS) for "shadow patches": fixes that quietly close vulnerabilities without any public disclosure. The system parses code changes and community forums to surface such hidden risks; one example given was a stealth patch to Redis. The goal is to close the transparency gap in OSS maintenance.

https://www.scworld.com/news/bsides-sf-using-ai-to-spot-shadow-patches-in-open-source-software
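A minimal illustration of the code-change side of such a scanner, added here as an example and not the tool's own code: it flags commits whose diff looks like a security fix but whose message carries no advisory reference. The commit history, file names and the CVE id are constructed placeholders; the patterns are a simple heuristic, not the presented system's model.

```python
import re
from dataclasses import dataclass

# Diff-body patterns (added lines only) that often mark a security-relevant change.
RISK_PATTERNS = {
    "bounds_check": re.compile(r"^\+.*\b(len|size|count|n)\b\s*[<>]=?", re.M),
    "overflow_guard": re.compile(r"^\+.*(SIZE_MAX|INT_MAX|overflow)", re.M),
    "input_sanitizing": re.compile(r"^\+.*(sanitize|escape|validate)", re.M),
}
# Any of these in the commit message means the fix was publicly disclosed.
DISCLOSURE = re.compile(r"\b(CVE-\d{4}-\d{4,}|GHSA-[\w-]+|security advisory)\b", re.I)
# Wording that frequently accompanies silent fixes.
VAGUE_WORDS = re.compile(r"\b(cleanup|refactor|minor|hardening|robustness)\b", re.I)

@dataclass
class Commit:
    sha: str
    message: str
    diff: str

@dataclass
class Finding:
    sha: str
    candidate: bool   # security-looking change with no disclosure reference
    signals: list

def assess(commit: Commit) -> Finding:
    """Flag a commit as a shadow-patch candidate: the diff looks like a
    security fix but the message carries no advisory/CVE reference."""
    signals = [name for name, pat in RISK_PATTERNS.items() if pat.search(commit.diff)]
    if signals and VAGUE_WORDS.search(commit.message):
        signals.append("vague_message")
    disclosed = DISCLOSURE.search(commit.message) is not None
    return Finding(commit.sha, bool(signals) and not disclosed, signals)

def shadow_patch_candidates(commits):
    return [f for f in map(assess, commits) if f.candidate]

# Constructed sample history (hypothetical project, placeholder CVE id).
SAMPLE_COMMITS = [
    Commit("a1", "Refactor buffer handling",
           "--- a/src/net.c\n+++ b/src/net.c\n@@ -10,3 +10,4 @@\n"
           "+    if (len > sizeof(buf)) return -1;\n     memcpy(buf, src, len);\n"),
    Commit("b2", "Fix heap overflow in header parser (CVE-0000-0000)",
           "--- a/src/hdr.c\n+++ b/src/hdr.c\n@@ -40,2 +40,3 @@\n"
           "+    if (n > SIZE_MAX - hdr) return NULL;\n     p = malloc(n + hdr);\n"),
    Commit("c3", "Update README wording",
           "--- a/README\n+++ b/README\n@@ -1,1 +1,2 @@\n+Run ./configure before make.\n"),
]

if __name__ == "__main__":
    for f in shadow_patch_candidates(SAMPLE_COMMITS):
        print(f.sha, f.signals)
```

Only the first commit is reported: its diff adds a bounds check while the message is vague and cites no advisory, whereas the second has the same kind of diff but references a CVE.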
