10 Minutes or Less with Ali Rohde
Open Source Powers the World. The Axios Hack Showed the Cost

Feross Aboukhadijeh on "10 Minutes or Less" and the hidden cost of trusting code

Last week, Anthropic announced Mythos Preview and Project Glasswing, saying the model had already found “thousands of high-severity vulnerabilities” and could “surpass all but the most skilled humans at finding and exploiting software vulnerabilities.”

Every software company should take that seriously.

That’s why, for this week’s 10 Minutes or Less, I wanted to talk to my friend Feross, founder and CEO of Socket. Few people have a clearer view of how AI is changing security. A few weeks earlier, Socket had been first to flag the attack on Axios, the HTTP library that powers network requests in millions of applications and gets downloaded 100M+ times a week. The Axios attack was one of five major supply chain attacks that month. Feross had also been personally targeted by North Korean hackers.

For years, Feross has been talking about the vulnerability Axios exposed: the open source software every company is built on top of. AI is what makes that point feel newly urgent. There is more code being written, more software being stitched together, and more trust decisions being made at machine speed.

For years, we treated dependencies like a convenience layer. Pull in the package, move faster, keep going. But as Feross put it, every dependency is really a trust decision. You are not just importing code. You are inheriting someone else’s maintenance discipline, security posture, and operational reality.

Socket was built around that exact insight: “The model is you look at the code. It sounds simple, but if humans aren’t going to read this code before they download it from a random website, then we need AIs to do it.”

Feross described the way modern software is built as a “shifting foundation,” and Axios showed what he means. The maintainer was socially engineered for two weeks, lured into a fake Microsoft Teams call, and tricked into installing malware that gave attackers access to a foundational package. Socket caught the backdoor six minutes after publication. Feross’s point is that this was not some fluke. Attackers found the obvious leverage point in the ecosystem. In an AI world, that leverage point matters even more, because the number of packages, tools, and low-context decisions inside software stacks is going up fast.

Open source powers the software world, but many of the people maintaining critical components are unpaid, overextended, or doing the work in spare hours. Feross put it this way:

“You kind of end up with this tragedy of the commons where these critical components are maintained by one random person who’s been doing it for 15 years, is totally burned out... and it’s crazy to think that we’re building all companies in the world on top of this foundation and it’s not properly funded and properly resourced.”

When asked about the future of open source, Feross shared that some tiny dependencies may simply stop making economic sense. If trust is more expensive and code generation is cheaper, the old modularity math changes. A 50-line package used to look like a clean abstraction win. Now it may look like one more trust relationship you have to monitor forever. That does not mean open source goes away. It means some of the old assumptions behind reuse get weaker when every imported package carries a more visible trust cost. AI is not just making old security tools more powerful. It is changing the economics of what code gets written, what code gets imported, and what risk is worth taking.

My takeaway from talking to Feross was not that open source is broken. It was that AI is making a neglected problem impossible to ignore. The software world depends on open-source infrastructure that it still does not fund, govern, or secure like infrastructure, and AI is raising the stakes on both sides: it is helping defenders find problems faster, while making the trust chain underneath modern software much more important to understand.


Full transcript:

Transcript has been lightly edited for clarity.

Q: The announcement of Anthropic Mythos, detecting the Axios attack 6 minutes after it happened, 5 major supply chain attacks in one month, being targeted by North Korean hackers... what is this moment like for you?

Feross: That’s a great question. It’s kind of surreal, actually, because we’ve been talking about the problem in software supply chain security since 2020, since we started the company. At the beginning, it felt like we were working on a niche problem, like it wasn’t going to be a big deal.

But I think we saw the future a little bit and realized that the way we build software today has changed and kind of opened up this opportunity for attackers to get into companies and organizations through all the open source code that we build all of our software with.

You never want to get happy or celebrate as a security vendor when there’s attacks happening, of course. But there’s also a way that I look at this, which is that I think we’re going to come out stronger as a software industry because this issue is now in the forefront and it’s become such a high profile concern amongst pretty much everybody if they’re paying any attention at all. So I think we’re going to end up better for it all.

Q: Is there any part of you that’s like: I told you so?

Feross: Yeah, absolutely. A lot of our team at Socket are open source maintainers ourselves. We have about 40 engineers on the team and over half have been open source authors at some point in their careers. Collectively, the team is responsible for about 15 to 20% of all npm download traffic. So we’re a big part of the supply chain ourselves.

We’ve seen firsthand how hard it is to be an open source maintainer. What goes into that job: it’s often unpaid, it’s often volunteer based. And then to think the whole economy of the world is built on top of this foundation.

I think we all knew that this problem was there, that we’re building software on this shifting foundation. And so to see the attackers finally realizing that this is a great opportunity, it’s not a huge surprise.

Q: Let’s talk about Axios. How was Socket able to flag the Axios backdoor so fast?

Feross: So what happened was, the maintainer of Axios (which, by the way, is a really popular open source library that helps you make HTTP requests, so it’s a foundational component that you see in a lot of applications) got a phishing email which was coming from somebody pretending to be the founder of a startup.

They gave him a Slack invitation to join this channel and work with the company on helping to maintain Axios, collaborating in various ways. They built up a relationship with him over the course of about two weeks, ultimately getting on a Microsoft Teams call with him.

And they did this really sophisticated attack. They put together a fake Microsoft Teams website, but it used the official Microsoft Teams SDK, so all the video components and everything kind of looked like the real thing and it was embedded in the page. At some point in the call, the call just drops, and then a little error message shows up that says you need to install this application on your system to update the software.

Anybody who’s on a call who’s worried and paranoid like, ah, I’ve got to get back in the call, they’re waiting for me. He just double clicked on it and installed it. It’s the kind of thing that could happen to anybody. They really built up this kind of trust with him, so he wasn’t suspecting this type of attack.

That was really the moment where they were able to install what’s called a remote access trojan onto his laptop, and from that point on, control everything on his computer, steal the tokens for his npm packages, and then put these backdoors into the packages.

Q: And then you guys found it really quickly. How were you able to detect what had happened?

Feross: The key insight of Socket was that traditional vulnerability scanning tools are very reactive. They sort of wait around for a security researcher to find a vulnerability inside of a piece of code and then report it. What we realized when we were starting the company was you really have to be much more proactive.

In the case of Axios, the moment that this bad code got added into Axios, everyone who is using that software should be able to know right away that something about this has changed in a fundamental way. The security model of the package has changed. There’s now data being stolen from the system. That code wasn’t there before.

We really needed to come up with a new model, which is: you look at the code. It sounds simple, but if humans aren’t going to read this code before they download it from a random website that they’ve found online and start using it, then we need APIs to do it.

So the real insight is we go out and we proactively (it’s almost like a web crawler, like Google but for open source code) go and find everything and analyze it all. It’s very expensive. There’s a lot of compute, a lot of token spend. But it leads to a much better, much safer model.

Q: Switching topics a little bit, I want to talk about being personally targeted by North Korean hackers. What is that like to learn that a nation state is coming after you specifically?

Feross: This isn’t the first time it’s happened. There was another attack where they were doing a bunch of what are called typosquat attacks, where they tried to pretend that they are other packages, and they hope that an AI or a human is going to make a typo or make a mistake and install something that’s a couple letters off from the correct package.

It’s hard to know whether they’re coming after me specifically because of working at Socket, or if it’s more like they’re going after the top maintainers on npm and just going down the list by download count and I’m included in that list. It’s probably the latter. If you look at the other folks that were hit. They were not hit, I should be clear. Being targeted means that they attempted to try to trick us. But nobody (myself or anyone at Socket) was actually fooled by it or fell for the bait. I just want to be really clear about that.

But yeah, it was funny: after it happened and the Axios maintainer shared some screenshots of what the initial emails he got looked like, myself and a bunch of others at the company, we just started searching our email and we’re like, oh, we have the same email.

Q: Does the rise of AI agents make your job easier or harder?

Feross: It absolutely helps Socket. The insight that we had was that you really want to look at all the code that you’re using in your application. Obviously, humans can’t do that. It’s not cost effective. It doesn’t scale. But you can think of AI as this infinitely scalable set of AI minions that you can apply to whatever boring, repetitive tasks that you don’t want to do as a human.

It absolutely has helped. We’re now literally reading every line of code of every open source package across 19 ecosystems. That would not have been possible without AI. If we were using old school ML methods or just human labor, that’s not going to scale.

What really works well is the hybrid AI-human combo, because the AI can do the grunt work and it can surface the most interesting insights to the experts on our team, who today are way better than the AI is at confirming these things. When you combine the two, you can basically drive false positives to zero.

We can afford to do this because open source, while there are tens of millions of packages, it is ultimately a finite problem. There is a fixed number of these things, and so we can afford to throw a lot of compute, a lot of token spend at it, and do this great work for our customers and for the community.

Q: Something that’s interesting to me, especially with the Mythos announcement yesterday, is it kind of feels like cybersecurity is more and more national security, too. How do you think about that?

Feross: Totally. Open source is infrastructure. It’s like our roads and our bridges. Nadia Eghbal wrote this amazing research paper and then later book on the idea of open source as roads and bridges and as key infrastructure for the whole country. That is absolutely what it is and how to think about it.

I don’t know how to solve the problem of how to secure every single open source project at the project level. It’s a really challenging problem. Do you fund it? Do you just give money to people? Should this be a government thing where we treat it as funding libraries or funding roads and bridges? Because in the past, getting companies to voluntarily pay money to you for code that is licensed as free (that they don’t need to pay for), it’s a clash. Donations and corporate CFOs, those don’t really go together. It’s very hard for companies to actually get money into the hands of the people that work on this stuff.

So you end up with this tragedy of the commons where these critical components are maintained by one random person who’s been doing it for 15 years, is totally burned out, totally susceptible to being tricked into just giving it to somebody random who shows up with even the slightest amount of help. It’s crazy to think that we’re building all companies in the world on top of this foundation and it’s not properly funded and properly resourced.

Q: I think I read that earlier in your career, you tried to do something about that, right?

Feross: Yeah. It was actually a funny story. I tried a whole bunch of things, but the one that got a lot of attention was I had an idea to bring advertising to open source. The idea was: as you were installing a package, you’d type npm install such-and-such, and then you’d see a banner ad in your terminal that would tell you, this package is brought to you by, and then some sponsor.

It had a very strong visceral reaction in the developer community. A lot of people were like, why are you bringing ads to the terminal? It’s my one safe space where there’s no advertising. Please don’t bring advertising.

So I totally get it. The point wasn’t that I love advertising or that I’m excited about ads, but I really wanted to do something that was in your face and would raise awareness of the issue to more people.

It absolutely did raise awareness. It was a huge controversy on Hacker News. Ultimately the two initial sponsors that I had roped into doing this to be part of this initial experiment were getting upset users contacting them saying, I’m going to cancel my subscription with you guys if you don’t back out of this. We meant you’re doing this for us because I hate advertising that much.

I got literally panicked calls from the CEO of one of the companies, and he’s like, you need to take our ad down right now. We’re literally losing customers because of this ad. Please cancel it.

I still think it was a success in terms of creating a conversation piece. I really do think those sponsors, and myself, had our heart in the right place. People are really entitled. People see it as this all-you-can-eat buffet of, I’m just used to it all being there for free. Like, what do you mean I have to pay for this, or there’s people behind it?

Q: Five years from now, does open source look fundamentally different than it does today?

Feross: Yeah, I think it will. The scale of pull requests and issues that maintainers were already dealing with was a lot. And now you have agents going around and doing stuff, constantly opening PRs. There’s a lot of overload from well-meaning people that are trying to help and deploy their AI.

It’s taking an already overburdened open source maintainer group and throwing even more at them. Then you add in all the vulnerabilities that new models like Mythos are going to find, and you’re going to get even more backlog. Maintainers are already at a breaking point, so I don’t know how that affects things.

I think we’ll see adoption of tools like Socket and other companies to help get a handle on all the threats coming from both the vulnerabilities and the supply chain attacks happening in open source.

You may see a little bit of a reduction in the usage of open source dependencies at the margins, maybe just a small amount. I don’t think it’s going to be a big amount. But when you’re talking about a 50-line package, it might make sense to just have the AI write that 50 lines directly into your application and remove that supply chain risk.

Obviously there are trade-offs. That comes with its own downsides because now you don’t get improvements over time, you don’t get performance fixes, you don’t get bug fixes. You’re responsible for maintaining that code. So you lose a little bit of reusability.

But given the threat we’re seeing in the supply chain, I think people are going to start to consider doing that. I don’t think it’s going to spread very far. I don’t think you’re going to see people rewriting React or Node.js or their own operating system like macOS for themselves. There’s still a lot of value to building on the same shared foundation as others in the community. This is also stuff that the models have been trained on. But I do think we’ll see some shift there. We’re living in very interesting times.

