惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
Y
Y Combinator Blog
博客园 - 聂微东
GbyAI
GbyAI
H
Hackread – Cybersecurity News, Data Breaches, AI and More
月光博客
月光博客
T
The Blog of Author Tim Ferriss
爱范儿
爱范儿
宝玉的分享
宝玉的分享
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
雷峰网
雷峰网
MyScale Blog
MyScale Blog
Cloudbric
Cloudbric
T
Threatpost
Scott Helme
Scott Helme
N
News | PayPal Newsroom
Google DeepMind News
Google DeepMind News
Martin Fowler
Martin Fowler
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Engineering at Meta
Engineering at Meta
美团技术团队
Apple Machine Learning Research
Apple Machine Learning Research
V2EX - 技术
V2EX - 技术
罗磊的独立博客
Attack and Defense Labs
Attack and Defense Labs
IT之家
IT之家
S
Secure Thoughts
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Docker
V
V2EX
T
Troy Hunt's Blog
Forbes - Security
Forbes - Security
aimingoo的专栏
aimingoo的专栏
J
Java Code Geeks
Last Week in AI
Last Week in AI
C
CERT Recently Published Vulnerability Notes
T
Tor Project blog
P
Proofpoint News Feed
Recorded Future
Recorded Future
B
Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Simon Willison's Weblog
Simon Willison's Weblog
A
About on SuperTechFans
The GitHub Blog
The GitHub Blog
MongoDB | Blog
MongoDB | Blog
O
OpenAI News
V
Vulnerabilities – Threatpost
P
Privacy International News Feed
云风的 BLOG
云风的 BLOG

Socket

White House Launches Gold Eagle Initiative to Manage Surge i... Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Mu... Next.js moves to scheduled security releases - Socket 11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windo... Compromised npm Packages in the AsyncAPI Namespace Deliver M... jscrambler npm Package Compromised in Supply Chain Attack - ... Fake Braintree NuGet Package Skims Credit Cards and Harvests... Compromised Injective SDK npm Package Exfiltrates Wallet Key... npm v12 Ships With Install Scripts Off by Default, Begins De... Malicious Go Module Exposes GitHub Malware Lure Network Span... pnpm 11.10 Hardens Registry Authentication to Block Token Re... Coordinated npm and PyPI Campaign Typosquats Popular Secure ... Node.js Considers Public Workflow for Security Reports Amid ... PolinRider: North Korea-Linked Supply Chain Campaign Expands... Risky Biz Podcast: AI Agents Are Raising the Stakes for Soft... Chrome and Firefox Extensions Posing as Free VPNs Add Clipbo... Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages - S... Rolldown Pulls Rust React Compiler Integration After Binary ... Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and Git... Frontier AI Is Now Critical Infrastructure - Socket The Code You Didn't Write Is Still Yours to Defend - Socket GitHub Actions Checkout Now Blocks Risky pull_request_target... Introducing Repository Access Permissions and Custom Roles -... Socket MCP Adds Org Alerts, Threat Feed Review, and Package ... Socket Firewall Now Blocks Malicious VS Code and Open VSX Ex... 140+ Mastra npm Packages Compromised in Coordinated Supply C... npm Package Uses Prompt Injection and Token Flooding to Disr... Introducing Manifest Alerts - Socket GlassWASM: WebAssembly Malware Found in Trojanized Open VSX ... Socket for Linear Is Now Available - Socket US Government Forces Anthropic to Pull Claude Fable Days After Launch 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic Andrew Becherer Joins Socket as Chief Information Security Officer Socket Partners with Replit to Block Malicious Packages in AI-Powered Development npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems pnpm 11.5 Adds Support for Recognizing npm Staged Publishes pnpm 11.5 Adds Support for Recognizing npm Staged Publishes Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Famous Chollima Targets PHP Developers Through Compromised Packagist Package Famous Chollima Targets PHP Developers Through Compromised Packagist Package Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io Laravel Lang Compromised with RCE Backdoor Across 700+ Versions Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects AI Has Taken Over Open Source npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit Socket raises $60M Series C at $1B valuation led by Thrive Capital to secure AI-driven software development Socket Raises $60M Series C at a $1B Valuation to Help Enterprises Build Securely With AI Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor Active Supply Chain Attack Compromises @antv Packages on npm Popular node-ipc npm Package Infected with Credential Stealer TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks Packagist Urges Immediate Composer Update After GitHub Actions Token Leak GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack fsnotify Maintainer Dispute Sparks Supply Chain Concerns Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer pnpm 11 Adds Supply Chain Protection Defaults for Minimum Release Age and Exotic Subdependencies PyPI Fixes High-Severity Access Control Issues Found in Security Audit Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack lightning PyPI Package Compromised in Supply Chain Attack Malicious npm Package Brand-Squats TanStack to Exfiltrate Environment Variables SAP CAP npm Packages Hit by Supply Chain Attack Socket Has Acquired Secure Annex 73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations Introducing Reachability for PHP Introducing Data Exports Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions Introducing Organization Notifications in Socket Introducing Reports: An Extensible Reporting Framework for Socket Data Socket for Jira Is Now Available Socket Named Top Sales Organization by RepVue NIST Officially Stops Enriching Most CVEs as Vulnerability Volume Skyrockets Socket Selected for OpenAI's Cybersecurity Grant Program Feross on the 10 Minutes or Less Podcast: Nobody Reads the Code 108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure Node.js Drops Bug Bounty Rewards After Funding Dries Up The Hidden Blast Radius of the Axios Compromise
Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate
Sarah Gooding · 2026-05-31 · via Socket

Sidebar CTA Background

Secure your dependencies with us

Socket proactively blocks malicious open source packages in your code.

Install

Rust has topped Stack Overflow's most-admired language survey for nine consecutive years. It's also become an increasingly attractive target for LLM-assisted development. The borrow checker and strict compiler that make Rust appealing for safety-critical systems also give LLMs an immediate feedback loop that other languages don't. The compiler catches errors the LLM introduces, which makes AI-assisted Rust development more reliable than in permissive languages where bad output can silently compile and ship.

That dynamic puts rust-lang/rust in an uncomfortable position. The same compiler strictness that makes Rust a compelling target for AI-assisted development is drawing a wave of low-effort LLM-generated PRs to the project's own repository, and the maintainers are dealing with the cost of reviewing them.

The Rust project is moving toward a formal policy on LLM use in rust-lang/rust contributions, following more than a month of internal debate that generated upwards of 3,000 messages on Zulip before culminating in a public GitHub pull request.

The proposed policy, submitted to rust-forge by contributor Jynn Nelson, is under active discussion in a pull request. It takes a deliberately conservative position: LLMs are fine for reading, analyzing, and learning from code, but not for creating it. The distinction the policy draws is between using LLMs as a thinking aid versus using them to generate output that gets committed to the repository.

The allowed list includes asking an LLM questions about the codebase, having it summarize issues or PRs for your own use, using it to privately review your own code before posting, and generating possible solutions to study before writing your own implementation from scratch. Writing dev tools for personal use is also permitted, as long as they don't get merged upstream.

The banned list is shorter but covers the most common problem areas: comments or PR descriptions written by an LLM, documentation and compiler diagnostics originally authored by an LLM, and any workflow where an LLM review is treated as sufficient grounds to merge or reject a change.

A middle category, disclosed, case-by-case use, includes machine translation, trivial code changes that don't meet a threshold of originality, and LLM-powered review bots. Review bots are allowed with significant constraints: they must operate from a separate GitHub account, must be blockable by individual users, cannot post verbatim LLM output on a personal account, and their comments cannot be blocking without explicit endorsement from the human reviewer.

The policy also includes an experimental exception for LLM-authored code, under strict conditions. The PR must be solicited by a reviewer in advance, the change must not touch safety-critical components like the trait system or MIR building, it must be well-tested and well-reviewed, and both author and reviewer must be able to fully explain the code. Such PRs would be tagged with an ai-assisted label and posted to a private Zulip channel to track whether the experiment is producing useful contributions.

The "slop" problem driving urgency#

The authors give three reasons for the policy:

  • Many people find LLM-generated code and writing deeply unpleasant to read or review.
  • Many people find LLMs to be a significant aid to learning and discovery.
  • rust-lang/rust is currently dealing with a deluge of low-effort "slop" PRs primarily authored by LLMs.
    • Having a policy makes these easier to moderate, without having to take every single instance on a case-by-case basis.

The compiler team had already addressed this partially with a separate proposal to empower reviewers to reject burdensome PRs, defined as PRs that are needlessly verbose, internally incoherent, or demonstrate misunderstanding of the code, without having to defend that decision extensively.

The LLM Usage Policy is explicit that enforcing it shouldn't become its own burden:

"The optimal amount of fraud is not zero." Don't try to be the police for whether someone has used an LLM. If it's clear they've broken the rules, point them to this policy; if it's borderline, report it to the mods and move on.

Lying about LLM use, however, is treated seriously and it's classified as a code of conduct violation rather than a policy violation, which carries different consequences.

Project Leadership Pushes Back on Scope and Precedent#

The discussion surfaced disagreement at the leadership level. Niko Matsakis, one of Rust's most prominent contributors and a principal architect of the modern language, contends the proposal does more damage than having nothing in place:

I do think this is worse than no policy at all, because it sets a precedent that I think will harm potential contributors and set the project on what I consider to be an overall negative trajectory.

His concern is that future contributors will be people who use LLMs as a standard part of their workflow, and a restrictive policy now forecloses the conversation before the project has enough data to make that call. He also argued the policy is too complicated: "I think people are going to read it and just be overwhelmed." On the list of conditions for the experimental exception, he commented: "To me, the list of conditions is overkill and kind of insulting. It signals a lack of trust in your fellow team members to be able to review code."

Jack Huey, types team co-lead and compiler team maintainer, pushed for the policy to be treated as a starting point: "I said it in one of my review comments, but regardless of what gets merged here, I don't want us to point to this and think 'it's the end' of the discussion. I think it's more than just this policy 'not just being set in stone', but rather I want us to think of it as 'just a step' to more discussion and data."

Rust contributor Diggory Blake questioned the policy's framing, noting that it targets how code is created rather than whether it's good:

I very much sympathise with the maintainers who have to deal with slop PRs, but I think this is coming at it the wrong way?
If someone opens a concise, easily reviewable change that's a clear positive improvement, but marks it as AI generated, does the policy compel maintainers to reject it? Seems like cutting your nose off to spite your face... Shouldn't the policy focus on giving more flexibility to the maintainers while setting expectations for contributors?

His suggestion was to frame the policy around what maintainers are obligated to review rather than what contributors are permitted to produce, avoiding what he called inevitable fairness disputes when similar PRs get treated differently.

Open Source Projects Range from Full Ban to Permissive on LLM Contributions#

The PR includes a survey of how other major open source projects have handled this, organized along a spectrum from full ban to permissive. Full bans are in place at postmarketOS, Zig, Servo, and QEMU. Zig's policy is rooted in concerns about the construction of original thought and cites a 1957 Asimov short story.

Zig's full ban on AI use for contribution

QEMU's is more pragmatic, focused on copyright and licensing, and notably carves out non-generative uses like using an LLM to explore an API or debug. Projects that allow LLM use with human oversight and disclosure requirements include LLVM, the Linux kernel, Mesa, Firefox, and Ghostty. NixOS has a draft policy under community review but no policy yet.

The Rust project's policy is scoped only to rust-lang/rust. Other repositories in the rust-lang organization are not covered, and the PR explicitly acknowledges that extending it project-wide was attempted and failed to reach consensus.

The PR was still open as of publication, with consensus expected to take the form of a joint Final Comment Period across four teams.