
AI Is Starting to Break Open Source: Growing Maintainer Load and the Current Countermeasures

Ikesan

Jeff Geerling, who maintains more than 300 open source projects, published an article titled “AI is destroying Open Source, and it’s not even good yet.” His point is simple: low-quality contributions produced by AI agents are sharply increasing the workload for maintainers. The post also drew a strong response on Hacker News, with more than 250 points and nearly 200 comments.

What is happening

As systems that automatically write code and submit pull requests become widespread, open source projects are being flooded with more noise than human reviewers can realistically handle.

The curl project case

curl maintainer Daniel Stenberg says the project started receiving large numbers of AI-generated vulnerability reports. The share of valid reports dropped from 15% to 5%, which ultimately led curl to shut down its bug bounty program. In many cases, AI flags minor issues as critical vulnerabilities, and just verifying the claims consumes time.

The Ars Technica incident

An AI agent fabricated statements and attributed them to open source maintainer Scott Shambaugh, forcing Ars Technica to retract an article. After that, Shambaugh was also harassed by AI bots pressuring him to change code.

GitHub’s response

GitHub added an option that lets maintainers disable pull requests entirely. When a feature that defines GitHub as a platform now needs an “off” switch, the seriousness of the problem is obvious.

The structural problem

AI code generation is improving, but it also appears to be approaching a plateau. At the same time, AI agents are being democratized, so almost anyone can run an automated PR bot. Output volume keeps rising while human review capacity stays finite, and that imbalance keeps getting worse.

Volunteer-driven open source projects are hit the hardest. If maintainers burn out, the impact spreads to all the downstream projects that depend on them.

Where countermeasures stand today

There is still no clear solution. GitHub’s PR-disable option and curl’s bounty shutdown are both defensive stopgaps. What is urgently needed are better ways to filter AI-generated contributions and tools that reduce the burden on maintainers.

Sources: Jeff Geerling’s Blog / Hacker News