On Wed, 2026-05-27 at 21:22 +0200, nathan wrote:
Hi,
thank you for the update. I confirm that my credentials were compromised earlier and that I was not the one performing the actions observed by the AI system.
Fortunately, I was able to regain access to both my GitHub and Fedora accounts later in the evening, and I am currently securing and reviewing all involved systems and credentials.
I will personally handle the verification and review process. To help identify accounts and actions that have been directly verified by me, I will use the term “NATCIOS” to indicate anything I have personally verified.
Also, please note that my official GitHub account is nathangiovannini99.
Thank you all for your support and for the additional reviews.
Thanks. I note that GitHub account was created an hour ago. I also can't help noticing your recent mails (this one, and the one you sent to me privately) do not read much like previous emails you have sent, and have fairly different header blocks. I can't help but suspect these emails are also LLM-generated or assisted. By whom and to what purpose, it's hard to guess. The following scenarios seem possible:
1) You are Nathan, and the situation is as you claim: some of your credentials were compromised and used in the operation of this system, but you are now back in control.
2) You are Nathan, but there was not actually an account compromise; you were in control of the accounts and the agentic system all along.
3) You are not Nathan, you are an attacker who is still in control of his email address and other accounts.
I don't know which of these is true and don't feel qualified to determine it. I apologize for any offence caused by my noting that scenario 2) is a possibility, but we do have to be clear-eyed in figuring out what's actually going on here.
The identity and security aspects of this whole situation feel a little beyond my area of expertise at this point; if others could help out, it'd be great.
Here's my current understanding of the situation:
* I've reviewed all activity in RHBZ by the nathan95 account this year: https://bugzilla.redhat.com/page.cgi?id=user_activity.html&action=run&am... . The first suspicious activity appears to date to 2026-04-07 - severity and priority changes to https://bugzilla.redhat.com/show_bug.cgi?id=2416721 with no obvious justification. The last activity before 2026-04-27 was in January and appears legitimate. The first instance of a bug's assignee being changed to the nathan95 account was https://bugzilla.redhat.com/show_bug.cgi?id=2469013 on 2026-05-12 and suspicious activity occurred regularly after that. I have taken appropriate actions on each affected bug and upstream issues / PRs if any were linked.
* Related PRs were created on GitHub by the accounts https://github.com/leurus27-boop and https://github.com/nathan9513-aps . Both accounts should likely be treated as suspicious. I will report both to GitHub shortly.
* A related MR was created on invent.kde.org by the account https://invent.kde.org/nathangiovannini , which again should be treated as suspicious, and which I will report.
* I have not reviewed any actions taken by any of the involved accounts which were not somehow related to Bugzilla, yet. We should probably look through anything else we can track the nathan95 account as having done in Fedora systems, and other things done by the associated GitHub accounts (or at least flag up that projects they have touched should review them).
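As an added example (not code from this thread, and not Fedora's or Bugzilla's own tooling), the script below does mechanically what the review above describes by hand: walk one account's Bugzilla history, flag bugs it reassigned to itself and triage-field (priority/severity/status) changes, and report the earliest such event and the set of affected bugs. It consumes records in the shape of Bugzilla's REST `GET /rest/bug/<id>/history` response ("when", "who", "changes" with "field_name"/"removed"/"added"); the account address, bug IDs and timestamps in the sample are constructed for illustration and are not the real ones from the incident.

```python
"""Flag suspicious Bugzilla activity by a single account.

Added example; the sample history below is constructed and the account
address, bug IDs and timestamps are made up. The record shape mirrors
Bugzilla's REST /rest/bug/<id>/history endpoint.
"""
from datetime import datetime

# Hypothetical address for the account under review.
ACCOUNT = "nathan95@example.com"

# Constructed sample: one benign CC change in January, unexplained
# priority/severity changes in April, and a self-reassignment in May
# that the maintainer later reverts.
SAMPLE_HISTORY = {"bugs": [
    {"id": 1000001, "history": [
        {"when": "2026-01-12T09:15:00Z", "who": ACCOUNT,
         "changes": [{"field_name": "cc", "removed": "", "added": ACCOUNT}]},
        {"when": "2026-04-07T18:40:00Z", "who": ACCOUNT,
         "changes": [{"field_name": "priority", "removed": "unspecified", "added": "high"},
                     {"field_name": "severity", "removed": "medium", "added": "urgent"}]},
    ]},
    {"id": 1000002, "history": [
        {"when": "2026-05-12T07:02:00Z", "who": ACCOUNT,
         "changes": [{"field_name": "assigned_to", "removed": "maint@example.com",
                      "added": ACCOUNT}]},
        {"when": "2026-05-13T07:05:00Z", "who": "maint@example.com",
         "changes": [{"field_name": "assigned_to", "removed": ACCOUNT,
                      "added": "maint@example.com"}]},
    ]},
]}

# Fields a drive-by or automated account typically touches with no justification.
TRIAGE_FIELDS = {"priority", "severity", "status", "resolution"}


def flag_events(history, account):
    """Return sorted (timestamp, bug_id, reason) tuples for actions by
    `account` that deserve a human look: reassigning a bug to itself, or
    changing a triage field. Benign actions such as adding itself to CC
    are not reported."""
    flagged = []
    for bug in history["bugs"]:
        for event in bug["history"]:
            if event["who"] != account:
                continue
            when = datetime.strptime(event["when"], "%Y-%m-%dT%H:%M:%SZ")
            for change in event["changes"]:
                field = change["field_name"]
                if field == "assigned_to" and change["added"] == account:
                    flagged.append((when, bug["id"], "reassigned to self"))
                elif field in TRIAGE_FIELDS:
                    reason = f"{field}: {change['removed']!r} -> {change['added']!r}"
                    flagged.append((when, bug["id"], reason))
    return sorted(flagged)


def first_flagged(history, account):
    """Earliest flagged event, or None: the starting point for 'when did this begin'."""
    events = flag_events(history, account)
    return events[0] if events else None


def affected_bugs(history, account):
    """Sorted, de-duplicated IDs of bugs the account touched in a flagged way,
    i.e. the list that needs per-bug cleanup and upstream cross-checking."""
    return sorted({bug_id for _, bug_id, _ in flag_events(history, account)})


if __name__ == "__main__":
    for when, bug_id, reason in flag_events(SAMPLE_HISTORY, ACCOUNT):
        print(f"{when:%Y-%m-%d %H:%M} bug {bug_id}: {reason}")
```

The heuristics are deliberately coarse (any self-reassignment is flagged, including a maintainer taking a bug back), so the output is a worklist for a reviewer, not a verdict; against a live instance the sample dict would be replaced by the history responses for the bugs listed in the account's activity page.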
On Wed, 2026-05-27 at 13:08 -0700, Adam Williamson wrote:
- I've reviewed all activity in RHBZ by the nathan95 account this year:
https://bugzilla.redhat.com/page.cgi?id=user_activity.html&action=run&am... . The first suspicious activity appears to date to 2026-04-07 - severity and priority changes to https://bugzilla.redhat.com/show_bug.cgi?id=2416721 with no obvious justification. The last activity before 2026-04-27 was in January and appears legitimate. The first instance of a bug's assignee being changed to the nathan95 account was https://bugzilla.redhat.com/show_bug.cgi?id=2469013 on 2026-05-12 and suspicious activity occurred regularly after that. I have taken appropriate actions on each affected bug and upstream issues / PRs if any were linked.
- Related PRs were created on GitHub by the accounts
https://github.com/leurus27-boop and https://github.com/nathan9513-aps . Both accounts should likely be treated as suspicious. I will report both to GitHub shortly.
- A related MR was created on invent.kde.org by the account
https://invent.kde.org/nathangiovannini , which again should be treated as suspicious, and which I will report.
- I have not reviewed any actions taken by any of the involved accounts
which were not somehow related to Bugzilla, yet. We should probably look through anything else we can track the nathan95 account as having done in Fedora systems, and other things done by the associated GitHub accounts (or at least flag up that projects they have touched should review them).
Sorry, forgot to mention, very important: nothing I found so far looks outright *malicious*.
On 5/27/26 10:13 PM, Adam Williamson wrote:
Sorry, forgot to mention, very important: nothing I found so far looks outright *malicious*.
even if it isn't malicious it may still very well be an unsupervised automated system that we cannot control or reason with.
As others already said the account should be locked at least until the situation is cleared up.
On Wed, May 27, 2026 at 10:21:53PM +0200, Jan Drögehoff wrote:
On 5/27/26 10:13 PM, Adam Williamson wrote:
Sorry, forgot to mention, very important: nothing I found so far looks outright *malicious*.
even if it isn't malicious it may still very well be an unsupervised automated system that we cannot control or reason with.
As others already said the account should be locked at least until the situation is cleared up.
The account was removed from the only groups it was in already.
We can definitely lock it if things continue, but it should no longer have any permissions to reassign / close / whatever bugs.
kevin
On Wed, 2026-05-27 at 13:13 -0700, Adam Williamson wrote:
On Wed, 2026-05-27 at 13:08 -0700, Adam Williamson wrote:
- I've reviewed all activity in RHBZ by the nathan95 account this
year: https://bugzilla.redhat.com/page.cgi?id=user_activity.html&action=run&am... . The first suspicious activity appears to date to 2026-04-07 - severity and priority changes to https://bugzilla.redhat.com/show_bug.cgi?id=2416721 with no obvious justification. The last activity before 2026-04-27 was in January and appears legitimate. The first instance of a bug's assignee being changed to the nathan95 account was https://bugzilla.redhat.com/show_bug.cgi?id=2469013 on 2026-05-12 and suspicious activity occurred regularly after that. I have taken appropriate actions on each affected bug and upstream issues / PRs if any were linked.
- Related PRs were created on GitHub by the accounts
https://github.com/leurus27-boop and https://github.com/nathan9513-aps . Both accounts should likely be treated as suspicious. I will report both to GitHub shortly.
- A related MR was created on invent.kde.org by the account
https://invent.kde.org/nathangiovannini , which again should be treated as suspicious, and which I will report.
- I have not reviewed any actions taken by any of the involved
accounts which were not somehow related to Bugzilla, yet. We should probably look through anything else we can track the nathan95 account as having done in Fedora systems, and other things done by the associated GitHub accounts (or at least flag up that projects they have touched should review them).
Sorry, forgot to mention, very important: nothing I found so far looks outright *malicious*.
Indeed, and as part of the team working on the Anaconda installer I still find the whole situation really problematic:
* we spent quite a lot of time reviewing the PRs from what initially looked like a new eager contributor
* while it started to look off after a while, all the replies were still like this - a bit weird, but still *plausible* (eg. no arguing or ignoring our questions - just, as it turns out, AI generated slop basically :P)
Unfortunately, for an actual attack the preparatory phase could (and for the Xz attack did) look very similar - a new contributor slowly gaining trust in the community, getting in harmless changes and building up to the point when the attack payload can be injected (or the changes not actually being harmless if combined the right way).
So not saying this was it, but an AI agent automated attempt at a Xz like compromise might really look very similar to what we have just seen here. :P
-- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @adamw@fosstodon.org https://www.happyassassin.net
Once upon a time, Adam Williamson adamwill@fedoraproject.org said:
I don't know which of these is true and don't feel qualified to determine it. I apologize for any offence caused by my noting that scenario 2) is a possibility, but we do have to be clear-eyed in figuring out what's actually going on here.
The brand-new Github feels suspicious to me.
At a minimum, I think all Fedora-related access should be locked until more can be determined.
-- Gwyn Ciesla she/her/hers ------------------------------------------------ in your fear, seek only peace in your fear, seek only love -d. bowie
On Wednesday, May 27th, 2026 at 3:16 PM, Chris Adams linux@cmadams.net wrote:
Once upon a time, Adam Williamson adamwill@fedoraproject.org said:
I don't know which of these is true and don't feel qualified to determine it. I apologize for any offence caused by my noting that scenario 2) is a possibility, but we do have to be clear-eyed in figuring out what's actually going on here.
The brand-new Github feels suspicious to me.
At a minimum, I think all Fedora-related access should be locked until more can be determined.
I strongly agree.
-- Chris Adams linux@cmadams.net
devel mailing list -- devel@lists.fedoraproject.org