Doesn't seem very inclusive. Seems to be another layer to centralize the inbound vulns, gather intelligence and handle them in secret.

It may also turn into another source of pressure. Maybe they manage to sort out the real vulns, but then they come in as high priority to the maintainers.

Many maintainers are already exhausted from their normal work, sans AI noise. Even if they supply fixes, it still requires review.

In the best case they could reduce noise, but the work is still there. The industry needs to generally fund OS projects to give them the agency to handle it on their own. That is likely best for quality. If there is still a need to filter AI noise then they can add that, but not as a secret opaque thing that controls it all.

reply
You can even shorten that. This is some corporate hollo-bollers takes-your-time-and-gives-nothing-in-return fakery-roo.

> exactly the opposite of what the hacker ethics promotes for good reasons.

Yup. Seems kind of like those zombie plants in the movie "Invasion of the Body Snatchers" (the first remake; though the original is also great, but it was more about communism as a threat, whereas the first remake added a bit of alien horror motifs).

reply
Silicon Valley is not as large as it might seem, and knowledge sharing and consortiums and working groups happen a lot.

You can complain about supply chain problems, or you can actually try to work on it. They're trying to work on it.

reply