AI/LLM commits and Tor security

Dear Tor Project,

I’m a somewhat regular Tor user. I saw this:

I’m also a coder, and AIs seem notably worse at introducing bugs even with human review (https://medium.com/@dumaysacha/i-saw-the-horror-of-ai-and-coderabbit-ai-did-too-a09622ac85de, “A Grim Truth Is Emerging in Employers' AI Experiments”), which doesn’t seem surprising given AI seems to lack the most fundamental logical reasoning abilities (https://machinelearning.apple.com/research/illusion-of-thinking), and AI agents seem to badly paper over that with a while loop.

This is the last thing that seems like a good idea for a highly attacked, highly security-relevant code base like Tor.

I’m not a contributor so I’m not in a position to tell you what to do. I can merely express my concerns. I would also like to note that an LLM code ban, while not 100% enforceable, can greatly reduce contributors daring to do so and therefore greatly reduce the hidden bugs inserted by LLMs. There are also many high-profile projects, e.g. SDL and QEMU (both I think C/C++), with LLM code bans.

Best regards

In the same line about AI.

Bottom line: “… the best defence is to remember what AI actually is: a tool that confidently gives you one answer, whether it’s right or wrong. Just because it looks like a giant tech company is speaking to you instead of some random website doesn’t mean you should have faith.”

This is horrible, please don’t do this. LLMs give out convincing-looking answers without verifying (and without being able to verify) their correctness.

Tor’s reliability is fundamental to people living under all kinds of repression; please don’t let LLMs write code that ends up in Tor’s repository.