Why the AI Policy Debate Should Focus More on the Harness and Protocol Layers
Why It Matters
Ensuring AI‑driven security tools are openly accessible prevents a monopoly over digital safety, protecting both innovation and the public interest.
Key Takeaways
- AI security shifts: writing code is now easy, and bug finding is automated
- Open‑source generosity is under threat as vulnerabilities are discovered at scale
- Rent‑vs‑own model: AI services are leased, not controlled by their users
- Proposed solution: fund open‑source bug fixing with AI tools
- Goal: universally secure software, not security limited to privileged vendors
Summary
The conversation between Justin Hendrix and Mozilla CTO Raffi Krikorian centers on a pivotal shift in software security: while AI has made writing code trivial, it has simultaneously democratized bug discovery, turning vulnerability hunting into a commodity. Krikorian cites Anthropic’s Mythos tool, which exposed a large number of long‑hidden flaws in legacy open‑source projects such as Firefox, illustrating how the balance between code creation and defect detection has tipped dramatically.
Key insights include the fragility of the internet’s underlying generosity—the open‑source contributions that power critical infrastructure—and the risk that this goodwill erodes as powerful AI models enable rapid exploitation of the flaws they find. Krikorian argues that the prevailing "rent" model—pay‑for‑access AI services—misaligns incentives, leaving users dependent on a few providers for both functionality and security.
He proposes a counter‑measure: channeling significant funding from AI firms into open‑source communities to accelerate bug remediation using advanced tools like Mythos. By treating security as a public good rather than a premium feature, the ecosystem could reach a steady state in which software is secure by design and universally accessible.
The broader implication is a call to reframe AI policy from restricting access to fostering collaborative ownership. If stakeholders adopt an "owners, not renters" mindset, the industry can move toward a more equitable, resilient digital environment where security is baked in and not sold as an add‑on.