AI Code Floods Open Source: How Kusari Inspector Filters Malicious PRs | CRob & Michael Lieberman
Apr 22, 2026
Data from YouTube Data API v3
Video Details
Published: 2 months ago
Duration: 23:24
Video ID: xam5MHGy1Nc
Language: en
Category: Science & Technology
Privacy: Public
Made for Kids: No
Video Type: Regular Video
Performance Metrics
Views: 400
Likes: 9
Comments: 0
Engagement Rate: 2.25%
Likes per 100 views: 2.25
Comments per 1K views: 0.00
Description
Open source maintainers face an impossible challenge: AI bots are flooding repositories with pull requests—some helpful, some malicious, most just noise. Manual code reviews can't keep pace, and a single compromised dependency can cascade into a supply chain attack affecting millions of users.
In this exclusive interview with Swapnil Bhartiya, CRob, CTO of OpenSSF, and Michael Lieberman, Co-founder and CTO of Kusari, announce that Kusari Inspector is now free for all CNCF and OpenSSF projects. This AI-powered security tool acts like a virtual security engineer, running automated scans, filtering false positives, and identifying real threats—from SQL injections to malicious pipeline changes—before code gets merged.
Key Topics Covered:
How AI-generated code creates new supply chain attack vectors in open source ecosystems
Kusari Inspector's multi-modal approach: GitHub app, GitHub Actions, and CLI integration for agentic workflows
Real-world detection of malicious CI/CD pipeline modifications, supply chain worms, and dependency poisoning attacks
OpenSSF and CNCF partnership strategy to harden projects ahead of EU Cyber Resilience Act (CRA) enforcement
Expert system architecture: combining SAST, secret scanning, and LLMs with prompt engineering to eliminate noise
Read the full story & transcript at www.tfir.io
#OpenSource #SupplyChainSecurity #KusariInspector #OpenSSF #CNCF #KubeCon #CyberResilienceAct #AICodeReview #DevSecOps #CloudNative