Open weights win the technical debate, lose the governance one
Every URL the pipeline pulled into ranking for this issue — primary sources plus the supporting and contradicting findings each Researcher returned. Inline citations in the issue point back here.
Sources
AI and the Future of Cybersecurity: Why Openness Matters huggingface.co
References
Vidoc Security Lab blog blog.vidocsecurity.com
Both GPT-5.4 and Claude Opus 4.6 cleanly reproduced the FreeBSD and Botan vulnerabilities in every attempt… Claude Opus 4.6 also successfully identified the subtle 27-year-old OpenBSD bug
Sloppish (AISLE reproduction notes) sloppish.com
even a 3.6-billion-parameter model could detect the flagship FreeBSD exploit for a fraction of the cost of frontier models
Bruce Schneier blog schneier.com
should not be governed solely by the internal judgment of its creators… that is not a choice a for-profit corporation should be allowed to make in a democratic society
Mashable mashable.com
dismissed the initial announcement as a ‘PR play by Anthropic’
The Hacker News (CVE-2026-25874) thehackernews.com
LeRobot utilized unsafe pickle deserialization despite Hugging Face’s long-standing promotion of the more secure Safetensors format… the vulnerable code contained # nosec comments, which explicitly silenced security linters
Let’s Data Science letsdatascience.com
a small Discord-based group gained unauthorized access to the model by simply guessing the preview URL within a third-party vendor environment
