Key Facts
- FOSDEM 2026 hosted a discussion titled 'FOSS in times of war, scarcity and (adversarial) AI'.
- The discussion addressed how FOSS infrastructure handles physical destruction, economic sanctions, and loss of connectivity.
- Economic scarcity impacts the volunteer workforce that maintains critical open source projects.
- Adversarial AI poses new threats to software supply chains through generated vulnerabilities and malicious packages.
- The decentralized and transparent nature of FOSS was cited as a key defense mechanism against these threats.
Quick Summary
The FOSDEM 2026 panel discussion titled 'FOSS in times of war, scarcity and (adversarial) AI' examined the robustness of open source software during global crises. Participants analyzed how geopolitical instability affects digital infrastructure maintenance and development.
Discussions centered on three primary threats: physical destruction of server infrastructure in conflict zones, economic scarcity reducing developer contributions, and the rise of adversarial AI targeting open repositories. The event highlighted that the decentralized nature of FOSS provides unique advantages over proprietary models during such events.
Community resilience was identified as a key factor. When commercial support evaporates due to sanctions or bankruptcy, volunteer networks often sustain critical systems. However, the sustainability of this model remains a concern for long-term project viability.
Geopolitical Instability and Infrastructure
Panelists at the event discussed how active warfare impacts software development pipelines. Physical destruction of data centers and internet exchange points in affected regions creates immediate access barriers for developers.
The conversation noted that proprietary software vendors often withdraw support from sanctioned or conflict-affected territories, leaving users stranded. In contrast, FOSS projects often continue to function because they rely on distributed version control systems like Git.
Key infrastructure challenges include:
- Loss of reliable electricity and internet connectivity
- Government-imposed internet shutdowns or firewalls
- Sanctions preventing access to cloud hosting services
- Displacement of core maintainers and contributors
The distributed nature of FOSS development allows surviving contributors to fork projects and continue work from safer locations, a flexibility rarely found in centralized proprietary models.
Economic Scarcity and Maintainer Burnout
During times of economic scarcity, the volunteer workforce powering FOSS faces significant pressure. The discussion highlighted that many maintainers rely on freelance income or employment in the tech sector, which contracts during global downturns.
When economic crises hit, developers often must prioritize paid work over unpaid maintenance of critical open source libraries. This creates a fragility in the software supply chain, as many foundational tools are maintained by single individuals or small teams.
Specific risks identified included:
- Reduced time for security audits and bug fixes
- Abandonment of projects that are no longer commercially viable for the maintainer
- Increased reliance on corporate sponsorship, which may be withdrawn
- Difficulty in onboarding new contributors from economically disadvantaged regions
Participants debated whether crowdfunding models or public grants could provide a more stable financial base for essential projects during these periods.
Adversarial AI Threats
The rise of artificial intelligence introduces new vectors for attacking open source ecosystems. The panel explored how malicious actors can use AI to generate subtle vulnerabilities or obfuscated code.
Unlike human errors, AI-generated exploits can be tailored to bypass specific detection mechanisms. This poses a challenge for FOSS projects that rely on manual code review and limited automated testing resources.
Threats discussed included:
- AI-generated hallucinated packages that mimic legitimate libraries
- Automated creation of social engineering content targeting maintainers
- Mass generation of low-quality or malicious pull requests
- Exploitation of dependency chains through AI-optimized attacks
Defensive strategies involve increasing the use of automated verification tools and fostering a culture of rigorous peer review, though these measures require resources that are scarce during times of conflict and scarcity.
Community Resilience and Future Outlook
Despite the grim outlook on war and scarcity, the discussion emphasized the resilience of the FOSS community. The ability to rapidly fork repositories and redistribute code ensures that no single point of failure can destroy a project entirely.
Participants suggested that the transparency of open source code is its greatest defense against adversarial AI. Since anyone can inspect the code, vulnerabilities are theoretically easier to spot than in closed-source 'black box' systems.
Looking ahead, the community is considering:
- Decentralized hosting solutions to resist censorship and physical destruction
- Standardized security protocols for AI-assisted code review
- Peer-to-peer funding mechanisms to support maintainers during economic downturns
The event concluded that while the challenges are significant, the open source model remains the most adaptable framework for maintaining digital sovereignty in an unstable world.






