Open source in the agentic era

Securing the Future: Open Source, AI, and the Evolving Landscape of Software Development

Mr. Alexander Pigman, Senior Tech Correspondent at AFP, moderated a Web Summit Lisbon 2025 panel on open source in the agentic AI era. Mr. Avery Pennarun, Co-founder and CEO of Tailscale, advocated for cautious AI adoption, prioritizing network security. Mr. Bailey Pumfleet, Co-founder and CEO of Cal.com, discussed his company’s recent pivot from open source to closed source.

Cal.com’s shift was driven by escalating security concerns. Mr. Pumfleet explained AI’s dual capacity to build and exploit software, alongside inconsistent AI outputs, created a turbulent environment. This uncertainty necessitated a closed-source approach to better protect customer data and manage inherent risks.

Mr. Pennarun characterized AI as a “gullible” but fast-coding intern, prone to errors, yet equally proficient in reviewing code. The open-source community faces an explosion of “AI slop”—unvetted, AI-generated contributions—overwhelming human maintainers and posing quality challenges.

To counter this, Mr. Pennarun proposed leveraging AI for automated code reviews. These systems could efficiently pre-screen incoming pull requests, filtering out low-quality contributions or iteratively refining them. This enables human maintainers to focus on strategic decisions and project vision.

Mr. Pumfleet highlighted new security threats, referencing the “Mythos moment” where AI uncovered complex vulnerabilities in critical software like Firefox. He warned that widespread access to advanced, open-source AI models capable of such exploits could empower malicious actors globally, threatening robust systems.

Mr. Pennarun expressed optimism, commending Anthropic for responsibly managing Mythos, allowing time for critical software patches. He believes continuous AI-powered security reviews, which most software currently lacks, can significantly enhance system security. A collective industry commitment to security is crucial.

The discussion also explored governance. Mr. Pumfleet suggested that regulation, such as export controls, might be needed to ensure a balanced and secure AI development landscape. Mr. Pennarun predicted a tiered AI market, with premium models remaining costly, while older models become more affordable, impacting security investment.

Both speakers underscored the irreplaceable human element. Mr. Pennarun likened AI to a “genie” that grants literal wishes, emphasizing humans must define their true desires. AI automates tedious tasks, allowing humans to focus on creative problem-solving and determining what innovations should exist. Mr. Pumfleet advocated for sensible, cautious AI adoption to boost productivity without job displacement.

He concluded that this era presents exciting opportunities for innovation, with rapidly expanding capabilities that, if managed wisely, can drive positive developments and the creation of valuable solutions.