In this interview from KubeCon + CloudNativeCon EU, Christopher "CRob" Robinson, CTO of the Open Source Security Foundation (OpenSSF), joins Greg Kroah-Hartman, Linux kernel maintainer, to talk with theCUBE's Rob Strechay and Paul Nashawaty about how the explosion of AI-generated bug reports is reshaping open source security — and the major industry coalition mobilizing to address it. Robinson details a new OpenSSF initiative backed by Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft and OpenAI to secure the rapidly expanding AI ecosystem. Kroah-Hartman reveals that after months of obvious "AI slop," a recent shift in tool quality means maintainers are now receiving legitimate AI-generated vulnerability reports, creating an unprecedented volume of work for core infrastructure projects. The new funding aims to provide developers with token credits, integrated tooling and AI-assisted triage to manage the flood. The conversation also explores the European Cyber Resilience Act, which requires manufacturers to perform vulnerability management and ship software bills of materials starting September 2025. Kroah-Hartman explains how OpenSSF's best practices badge gives downstream companies a reliable signal that an open source project meets security and compliance standards — a critical differentiator as regulatory pressure intensifies. Robinson highlights how the convergence of CRA compliance obligations and AI-accelerated discovery could overwhelm maintainers with thousands of duplicate patches from organizations facing severe financial penalties. OpenSSF is responding on multiple fronts, from publishing an MLSecOps white paper and launching a free class on secure vibe coding to designing AI-powered advisors that consolidate similar pull requests and surface the strongest candidates for review. From educating upstream developers on identity, access and data handling fundamentals to helping enterprises avoid the security pitfalls of rushing agentic AI into production, the discussion underscores why open source governance must evolve at the same velocity as the tools reshaping it.