aisecurity.llc
The Builder Vacuum
GH Archive tracking shows 99.4% of 2,500 tracked repos are unclassified — not AI-security-specific. Job descriptions demand 'AI-native security tooling,' but the open-source ecosystem barely exists. The Tool Incumbency Trap (30:1 legacy vs AI-native) isn't just preference or inertia: the alternative tools haven't been built yet. Practitioners are being hired to implement controls that don't have reference implementations. Incumbents stay dominant not by lock-in, but because the vacuum is real.
Open-source tooling gap
What this finding measures
Classified AI security repos
0.6% of tracked repos
Evidence charts
[Chart placeholder: GH Archive New Repositories by Month]
[Chart placeholder: GH Archive Unique Actors by Bucket]
Recommended actions
What leaders should do next