// ITS FOSS — LINUX & OPEN SOURCE
An AI Agent Infiltrated Fedora's Bug Tracker and Wreaked Havoc
On May 27, Adam Williamson of the Fedora QA team sent a message to contributor Nathan Giovannini, CC'ing the project's devel and test mailing lists so everyone could see what had been going on.
Adam had been combing through Nathan's Bugzilla history and found what he described as the work of "some kind of agentic AI system," operating unsupervised across both Fedora's bug tracker and several upstream projects.
Soon after, Nathan replied, saying his credentials had been compromised and that he had nothing to do with any of it.
The agent had been mass-reassigning Bugzilla reports to Nathan's account, despite him not being the maintainer for any of the affected packages. In Fedora's Bugzilla instance, the assignee is supposed to be whoever can actually resolve the bug downstream, typically the package maintainer.
It had also been prematurely closing bugs, where the correct protocol was to mark a bug as POST when a fix was proposed upstream but wasn't pushed downstream. The agent was just closing them outright after submitting or merging an upstream patch.
Then there were the NOTABUG closures. The agent had been shutting bugs in components it had no ownership over, with comments Adam identified as clearly LLM-generated. Some of those comments just restated what the original reporter had already written. Others sounded plausible but were wrong.
The fourth problem was the most serious. The agent submitted an incorrect fix to the Anaconda installer project, and when a maintainer pushed back, it kept firing back LLM-generated responses until the maintainer gave in and merged it.
The Anaconda team reverted the PR, but two related pull requests had already shipped in Anaconda 45.5.
A contributor account gets compromised, an AI agent runs through it, and bad code ends up in a release before anyone notices. The damage in this case was caught and cleaned up, but the scenario itself is not hard to replicate.
Fedora approved a policy on AI-assisted contributions last year, placing full accountability on the human contributor and requiring transparency when AI tools are involved. Submitting unreviewed, low-quality machine-generated content is explicitly called out as unacceptable.