aisecurity.llc
The Builder Vacuum
GHArchive tracking shows 99.4% of 2,500 tracked repos are unclassified — not AI-security-specific. Job descriptions demand 'AI-native security tooling,' but the open-source ecosystem barely exists. The Tool Incumbency Trap (30:1 legacy vs AI-native) isn't just preference or inertia: the alternative tools haven't been built yet. Practitioners are being hired to implement controls that don't have reference implementations. Incumbents stay dominant not by lock-in, but because the vacuum is real.
Open-source tooling gap
What this finding measures
Classified AI security repos
0.6% of tracked repos
Chart targets
- chart_external_gharchive_repos_first_seen_per_month
- chart_external_gharchive_event_type_distribution
- chart_external_gharchive_unique_actors_by_bucket
Active filters: period=all, industry=all, seniority=all
Recommended actions
What leaders should do next