As the AI landscape rapidly evolves, open-source models like DeepSeek and Llama are reshaping the possibilities of software development. Their accessibility and performance make them attractive to developers and organisations alike. But while these models offer substantial benefits, they also carry serious security risks, many of which remain overlooked.
From outdated dependencies to the danger of unrestricted use, open-source AI comes with challenges that could have far-reaching consequences. Here, we explore the key vulnerabilities and how security teams can mitigate them effectively.
Security vulnerabilities in popular open-source models
Open-source models are built on complex ecosystems of external libraries and dependencies. While these are essential for functionality, they can introduce significant vulnerabilities. Hidden backdoors, outdated code and insufficient patching practices are just some of the issues that can arise and that attackers can exploit.
The XZ Utils backdoor incident in Linux systems served as a stark reminder of how a single compromised component can have catastrophic consequences, affecting not only individual systems but potentially global networks. Many open-source libraries used in these models can be five to 10 years old or more, and when they are no longer updated or patched on a regular basis, they pose significant security risks. In fact, research shows that over 70% of applications contain open-source flaws that often go undetected. This underscores the need for regular vetting, patching and securing of all open-source components.
The danger of unrestricted access
While openness drives innovation, it also opens the door to misuse. The unrestricted availability of potent open-source models introduces several risks. Without limits or controls, these models could be used maliciously to develop harmful applications, create convincing deepfakes, or automate phishing attacks.
The ease of access to such powerful tools means that anyone with technical knowledge can use them for nefarious purposes. Without proper oversight, organisations could inadvertently allow harmful code to proliferate, especially as there is no guarantee users follow secure development practices. What's more, the lack of transparency around which libraries, and which specific versions of those libraries, are being used, especially in AI-powered models, increases the risk. Unreported software packages, or libraries that are not explicitly declared or identified during scans, can hide critical vulnerabilities and pose a blind spot in security assessments.
A double-edged sword for security teams
Despite the risks, the benefits of open-source models have the potential to outweigh the drawbacks, but only if security teams are proactive in managing risks. These models can enhance security by offering rapid deployment and testing of code, allowing teams to innovate and address vulnerabilities more quickly. However, this comes with the caveat that security teams must use advanced tools to detect and mitigate vulnerabilities in open-source dependencies.
Automated vulnerability remediation is essential to managing the risks posed by unreported vulnerabilities or outdated libraries. By adopting these technologies, security teams can keep pace with evolving threats while continuing to benefit from the power of open-source models. Investing in technologies such as AI-powered security tools and automated remediation allows teams to harness the power of these models while minimising the potential risks.
To manage open-source models safely, organisations should consider the following best practices:
- Continuous scanning: Regularly scan open-source models and dependencies for vulnerabilities using tools like Software Composition Analysis (SCA) to identify security risks early.
- Automate security testing: Integrate security checks into the development pipeline to ensure that any code, whether human-written or AI-generated, is secure before deployment.
- Third-party code audits: Regularly audit any third-party libraries and dependencies to ensure they don't introduce malicious code or security flaws.
- Patch management: Stay on top of updates and patches for both the open-source models and their dependencies to mitigate newly discovered vulnerabilities.
- Governance and compliance: Establish clear governance policies for the use of open-source models, ensuring that security standards are followed, and compliance is maintained.
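The blind spot described earlier (libraries in use that are never declared, or pinned at versions that a scan would flag) and the "continuous scanning" practice above can both be illustrated with a small dependency-visibility check. The script below is an added example, not code from the article or from any named tool; it is a deliberately simplified stand-in for what a Software Composition Analysis product does. The requirements file, the `pip freeze` inventory, the source files and the advisory table (`MIN_SAFE_VERSION`) are all constructed inline, and the version numbers in that table are illustrative placeholders rather than real vulnerability data. The `IMPORT_TO_DIST` mapping is an assumption: a real tool would derive import-to-distribution names from package metadata.

```python
"""Lightweight dependency-visibility check for an AI project.

Added example (not from the article): given a declared requirements file,
an installed-package inventory (pip freeze style) and the project's own
source files, report the blind spots the article warns about:
  1. packages imported by the code but never declared,
  2. installed packages that are below a known-fixed version
     (advisory data here is constructed, not real CVE data),
  3. installed packages that nothing declares or imports.
All inputs are constructed inline so the script runs offline.
"""
import ast
import re

# Constructed requirements.txt: what the project *claims* it depends on.
REQUIREMENTS_TXT = """\
torch==2.1.0
transformers==4.30.0
numpy==1.24.0
"""

# Constructed `pip freeze` output: what is *actually* installed.
PIP_FREEZE = """\
torch==2.1.0
transformers==4.30.0
numpy==1.24.0
safetensors==0.3.0
requests==2.19.0
PyYAML==5.1
sentencepiece==0.1.99
"""

# Constructed project sources keyed by file name.
SOURCES = {
    "load_model.py": "import torch\nfrom transformers import AutoModel\n"
                     "import safetensors.torch\n",
    "serve.py": "import yaml\nimport requests\nimport numpy as np\n",
}

# Import name -> distribution name where the two differ.
# Assumption: a real tool would read this from package metadata.
IMPORT_TO_DIST = {"yaml": "pyyaml"}

# Constructed advisory table: distribution -> first fixed version.
# Illustrative placeholders only, not real vulnerability data.
MIN_SAFE_VERSION = {"requests": "2.31.0", "pyyaml": "5.4", "safetensors": "0.4.0"}


def parse_pins(text):
    """Parse 'name==version' lines into {normalized_name: version}."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z0-9_.-]+)==([0-9][0-9A-Za-z.]*)$", line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins


def imported_distributions(sources):
    """Collect top-level imports from each source file, mapped to dist names."""
    dists = set()
    for code in sources.values():
        for node in ast.walk(ast.parse(code)):
            if isinstance(node, ast.Import):
                names = [alias.name for alias in node.names]
            elif isinstance(node, ast.ImportFrom) and node.module:
                names = [node.module]
            else:
                continue
            for name in names:
                top = name.split(".")[0].lower()
                dists.add(IMPORT_TO_DIST.get(top, top))
    return dists


def version_tuple(version):
    """Numeric-only version comparison; non-numeric suffixes are ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def audit(requirements, freeze, sources):
    """Cross-check declared, installed and imported packages."""
    declared = parse_pins(requirements)
    installed = parse_pins(freeze)
    used = imported_distributions(sources)
    return {
        "undeclared_in_use": sorted(used - set(declared)),
        "declared_not_installed": sorted(set(declared) - set(installed)),
        "installed_unused": sorted(set(installed) - set(declared) - used),
        "below_fixed_version": sorted(
            name for name, ver in installed.items()
            if name in MIN_SAFE_VERSION
            and version_tuple(ver) < version_tuple(MIN_SAFE_VERSION[name])
        ),
    }


if __name__ == "__main__":
    for finding, items in audit(REQUIREMENTS_TXT, PIP_FREEZE, SOURCES).items():
        print(f"{finding}: {items or 'none'}")
```

Run in a CI step, a non-empty `undeclared_in_use` or `below_fixed_version` list is the signal to fail the build: the first means the manifest that an SCA tool would scan does not reflect what the model-serving code really loads, and the second is the patch-management gap the article describes. In the constructed data, `requests`, `pyyaml` and `safetensors` are pulled in by the code without ever being declared, so a scanner fed only `requirements.txt` would never see them.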