Politico: “Hackers affiliated with the governments of China, Russia and Iran are directly contributing code to popular open source software”
Strider
Strider’s report—Lying in Wait: Understanding the Contributors Behind Open Source Code—which details how OSS platforms are increasingly weaponized by advanced persistent threat (APT) groups at the contributor level, was featured in Politico's weekly cybersecurity newsletter.
Git Grift
By: Dana Nickel (with help from Maggie Miller) | August 4, 2025
Hackers affiliated with the governments of China, Russia and Iran are directly contributing code to popular open source software that underlies massive amounts of the world’s internet, according to new findings from threat intelligence group Strider.
According to a report released by Strider today, more than 21 percent of contributors to OpenVINO GenAI — a coding repository key to running generative AI — were found to be affiliated with or to have had work relationships with nation-state adversaries to the U.S. A few contributors were found to have worked for companies sanctioned by the U.S. government.
“Open source software platforms are the backbone of today’s digital infrastructure, yet in many cases it’s unclear even who is submitting the code,” Greg Levesque, CEO and co-founder of Strider, said in a statement. “In turn, nation states like China and Russia are exploiting the visibility gap.”