24 AI · Security · Wednesday, April 22, 2026 · 3 min read

HuggingFace manifesto: open source as the foundation of AI cybersecurity

Editorial illustration: Broken digital shield reinforced with open-source blocks as the foundation of AI security

Why it matters

HuggingFace published a manifesto in which Margaret Mitchell, Yacine Jernite, Clem Delangue, and 17 co-authors argue that closed AI systems are a single point of failure in cybersecurity. The text responds to Anthropic's Mythos and calls for semi-autonomous agents with auditable logs and human oversight.


On April 21, 2026, HuggingFace published a comprehensive manifesto in which Margaret Mitchell, Yacine Jernite, Clem Delangue, and 17 co-authors argue that the future of cyber defense depends on open models, open scaffolding, and auditable trails. The text is a direct response to Anthropic’s Mythos project.

Why do closed AI systems represent a single point of failure?

The authors argue that AI capability in cybersecurity is not a standalone property of the model: it depends on the system within which the model operates (compute, software, data, scaffolding for vulnerability discovery, and the degree of autonomy). In closed projects, that whole system lives with a single vendor. Only one organization can view and fix the code, which the authors describe as a “single point of failure.” An additional problem is that AI tools increasingly reverse-engineer obfuscated binaries, making proprietary obscurity an ineffective defensive strategy. Open ecosystems, by contrast, distribute work across four phases: detection, verification, coordination, and patch propagation. Each of these phases benefits from more eyes and from teams sharing their findings.

How do AI tools amplify vulnerabilities in closed code?

The manifesto warns of a scenario already unfolding: companies adopt AI tools for code development under misaligned incentives — speed over security. In such conditions, according to the authors, “AI-accelerated development can introduce more vulnerabilities into proprietary code than traditional development.” These vulnerabilities then sit in a closed codebase where only one organization can find and fix them, while AI-armed attackers increasingly discover the same flaws from the outside. The authors call this risk an “asymmetry of capabilities” between attackers and defenders — open models and tools reduce this gap by giving defenders access to the same class of capabilities that attackers reach for.

What are semi-autonomous agents with oversight and why do the authors recommend them?

Instead of fully autonomous systems operating without human insight, the manifesto proposes semi-autonomous agents — systems where actions are predefined, certain steps require human approval, and humans retain control. The key sentence reads: “‘Human in the loop’ only makes sense if the human can see into the loop.” For that oversight to be real, open agent scaffolding, an open rule engine, and auditable decision and trace logs are required. For organizations with high stakes (banks, hospitals, critical infrastructure), this means the ability to inspect monitoring systems, fine-tune on their own data, implement custom oversight mechanisms, and operate within an internal environment — without sending sensitive data to external AI providers. The authors conclude that the future of cybersecurity will be shaped by ecosystems, not individual models, and openness is the only path that gives defenders visibility, control, and shared infrastructure to stay ahead of attackers.
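The pattern the manifesto describes (a predefined action catalogue, an explicit approval gate for high-impact steps, and a decision trace an auditor can check later) is small enough to show end to end. The following is an added illustration written for this article, not code from HuggingFace or the manifesto's authors; the action names, the two policy tiers and the sample plan are constructed for the example, and tool execution is simulated.

```python
"""Minimal semi-autonomous agent harness (illustrative, not HuggingFace code).

A rule engine decides per step whether an action may run automatically,
must be approved by a human, or is refused because it is not in the
catalogue. Every decision is appended to a hash-chained trace log so an
auditor can later detect altered or missing entries.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Predefined action catalogue (constructed for this example). Anything not
# listed is refused outright: the agent cannot invent new capabilities.
ACTION_POLICY: Dict[str, str] = {
    "read_logs": "auto",           # low impact, runs without approval
    "query_threat_intel": "auto",
    "quarantine_file": "approve",  # disruptive, so a human must confirm
    "isolate_host": "approve",     # high impact, always needs a human
}

GENESIS = "0" * 64  # prev_hash of the first log entry


@dataclass
class TraceEntry:
    seq: int
    action: str
    args: Dict[str, str]
    decision: str   # "executed" | "approved" | "denied" | "refused"
    reason: str
    prev_hash: str
    hash: str = ""


class TraceLog:
    """Append-only, hash-chained decision log (tamper-evident, not secret)."""

    def __init__(self) -> None:
        self.entries: List[TraceEntry] = []

    @staticmethod
    def _digest(e: TraceEntry) -> str:
        payload = json.dumps(
            [e.seq, e.action, e.args, e.decision, e.reason, e.prev_hash],
            sort_keys=True,
        )
        return hashlib.sha256(payload.encode()).hexdigest()

    def append(self, action: str, args: Dict[str, str],
               decision: str, reason: str) -> TraceEntry:
        prev = self.entries[-1].hash if self.entries else GENESIS
        entry = TraceEntry(len(self.entries), action, dict(args),
                           decision, reason, prev)
        entry.hash = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute every hash and link; False if any entry was changed."""
        prev = GENESIS
        for e in self.entries:
            if e.prev_hash != prev or self._digest(e) != e.hash:
                return False
            prev = e.hash
        return True


class SemiAutonomousAgent:
    """Runs a plan step by step, routing 'approve'-tier actions to a human."""

    def __init__(self, approver: Callable[[str, Dict[str, str]], bool],
                 log: Optional[TraceLog] = None) -> None:
        self.approver = approver          # human-in-the-loop decision point
        self.log = log or TraceLog()

    def run(self, plan: List[Dict]) -> List[str]:
        outcomes: List[str] = []
        for step in plan:
            action, args = step["action"], step.get("args", {})
            tier = ACTION_POLICY.get(action)
            if tier is None:
                self.log.append(action, args, "refused", "not in catalogue")
                outcomes.append("refused")
                continue
            if tier == "approve":
                if not self.approver(action, args):
                    self.log.append(action, args, "denied", "human declined")
                    outcomes.append("denied")
                    continue
                self.log.append(action, args, "approved", "human approved")
            # Execution is simulated; a real harness would invoke the tool here.
            self.log.append(action, args, "executed", f"tier={tier}")
            outcomes.append("executed")
        return outcomes


def demo() -> SemiAutonomousAgent:
    """Constructed sample run: the approver accepts quarantine, declines isolation."""
    approver = lambda action, args: action == "quarantine_file"
    plan = [
        {"action": "read_logs", "args": {"host": "web-01"}},
        {"action": "quarantine_file", "args": {"path": "/tmp/sample.bin"}},
        {"action": "isolate_host", "args": {"host": "web-01"}},
        {"action": "rotate_credentials", "args": {}},   # not in catalogue
    ]
    agent = SemiAutonomousAgent(approver)
    agent.run(plan)
    return agent
```

The approval callback is where the manifesto's "the human can see into the loop" requirement lands: the human receives the exact action and arguments that will run, and the same data is what the trace records. Keeping the catalogue, the policy and the log in inspectable code is what lets an organization fine-tune the rules and audit the trail internally rather than trusting a vendor's description of them.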


This article was generated using artificial intelligence from primary sources.