This actually would be an interesting experiment.

Did somebody try to test whether running `copilot` or any other source code AI tool will identify it as a vulnerability?

ch0k1

nerd2ninja

Yea it was buried really good, but that will also result in automating new kinds of tests

justin_shocknet

security

Inside the failed attempt to backdoor SSH globally — that got caught by chance

If you applied such an AI bot to the XZ backdoor and it found it (without including it in your dataset of course) I'd be more enthusiastic. The degree of code obfuscation with this was pretty high to be fair.