← Notes
Date
23 Jun 2026
Tags
open-source · security

We are an open institute by instinct: we publish notes and findings, we open-source tooling, and we treat outside scrutiny as the thing that makes software trustworthy. But openness is a means, not a totem. For one class of our work — security-critical systems such as our identity and messaging infrastructure — we keep the source closed to the public. This note explains why, and what we offer instead.

The case for open-sourcing security code rested on Linus’s Law: given enough eyeballs, all bugs are shallow. It quietly assumed the eyeballs were symmetric — defenders and attackers both read the code, and the larger defending crowd usually won the race to each bug. What has changed is not the law but the cost of a single pair of eyes.

That cost has collapsed. Google’s Big Sleep agent (2024) and a researcher’s use of OpenAI’s o3 on the Linux kernel (2025) were early signs; by 2026 the volume jumped. Anthropic’s Mythos model reported thousands of zero-days across every major operating system and browser; Tencent’s multi-agent system returned 33 in one campaign; and an AI tool found “Copy Fail”, a root bug that had sat in the Linux kernel since 2017. The kernel then saw a cluster of local-root flaws — Copy Fail, Dirty Frag, Fragnesia — surface within weeks of one another. Not all were AI-found; some were human researchers building on each other’s patterns. But after years in which such bugs were rare, the change in pace is the point.

These tools do not care who holds them. Defenders found most of the bugs above first — but attackers are now running the same play. Google’s threat team caught a criminal group that had used AI to build a zero-day — a two-factor-authentication bypass — for a planned mass-exploitation campaign, and disclosed it to the vendor only just in time; state-linked groups are using models to analyse CVEs and validate exploits in bulk. The window between a flaw being found and being exploited, once measured in months, is closing toward minutes.

This is where the symmetry breaks. “Many eyes” assumed a defending crowd would show up; for a small institute’s niche security product, that crowd does not exist — and the attacker no longer needs one, because a single capable model now stands in for it. This is not a retreat into security through obscurity. We assume a determined attacker can reconstruct how our systems behave from the outside, and closing the source does not make a weak system strong. It simply declines to hand out a free, machine-readable map at the moment when reading the map became the cheap step — a modest but rational increase in the cost of attacking us.

So our security-critical code is closed to the public and open to scrutiny — two things that are no longer the same. If you or your team want to study, learn from, or audit it, write to us; once we have confirmed who you are and why you are asking, we are glad to give you access. Everything outside this category we still publish in the open. Openness remains our default; this is the one place where we judge its cost to now outweigh its benefit, and we would rather say so plainly than quietly ship something closed and let you wonder why. The address is contact@luminx.one.