OpenSSF's CRob on why open source security is still a people problem - and why AI is making it worse before it makes it better

Christopher "CRob" Robinson has been in technology long enough to have replaced thin net cable with cat five and installed TCP/IP on lawyers' desktops. That foundational understanding of how systems interconnect is, he argues, what makes AI-driven threats so dangerous – and what the current security conversation is missing.

Robinson is the Chief Security Architect and Chief Technology Officer (CTO) at the Open Source Security Foundation (OpenSSF). In an interview at KubeCon Europe 2026 in Amsterdam – picking up a conversation from last year's Open Source Summit – he doesn't waste time on preamble:

What we're going through today with AI is bananas. The fact that MCP and agentic didn't exist a year ago, and now agentic is the only thing people are talking about – it's insane.

The maintainer inbox problem

This is already happening. AI-generated vulnerability reports are piling up in maintainers' inboxes, and the nature ...