Open-source software projects are facing a transformation like few others, with the advent of artificial intelligence (AI) coding tools. While these tools can simplify the development process, experts warn that they may introduce challenges that could undermine the quality and security of projects. Notably, developers like Jean-Baptiste Kempf and Daniel Stenberg have expressed mixed feelings about the efficacy of AI tools in enhancing open-source coding practices.
Kempf sees the immediate, transformative power of AI in VLC, the widely used open-source media player. … now, with the advent of AI tools, a seasoned developer can more easily develop new modules. At the same time, he warned that the benefits are not widely shared. That’s the problem, he said, very different large companies to open-source projects. While excited about the potential of these AI tools, he stresses that their usefulness is reserved for advanced programmers.
In our recent conversation, Stenberg pointed out the effects AI has had on security defenses in open-source projects. Looking back on the industry as a whole, here’s what he had to say: “In the old days, someone really focused a great deal of time on the security report. Stenberg’s comments came after cURL — the data transfer program he founded — shut down its bug bounty program. The end of the shutdown came after an overwhelming deluge of such submissions, which he has called “AI slop.” While this has created a flood of low-quality submissions, it has made many developers fearful of the AI-generated code’s efficacy.
The Challenges of AI in Open Source
Konstantin Vinogradov, an open-source investor, points out that AI tools are confronting a long-standing issue in open-source engineering: a shortage of skilled maintainers. “AI does not increase the number of active, skilled maintainers,” he noted. This reality places a tremendous burden on our current capacity. Projects are challenged to uphold standards of quality as they face the overwhelming flow of automated submissions.
Vinogradov went on to describe the hurdles. He explained that while AI often has the potential to supercharge talented developers, it doesn’t solve many of the core issues that lead to broken open-source projects. “AI empowers the good ones, but all the fundamental problems just remain,” he remarked. It’s a sentiment echoed by many in the open-source community. They worry that pursuing AI too vigorously could lead to complacency in addressing the deeper systemic problems.
Mitchell Hashimoto has put forth various solutions to address some of these challenges. He released a system whereby GitHub contributions are only allowed from “vouched” users. This step would mark the de facto end of the open-door policy that has historically characterized open-source software development. Hashimoto makes the case that AI has “removed the natural barrier to entry that allowed OSS projects to trust by default. This decision is a commendable step toward re-instilling a bit of quality control and making sure that dollars go toward the most trusted contributors.
Anticipating the Era of Cheap Code
The growing integration of AI tools signals the advent of an era of cheap code, which may present opportunities for many open-source projects. Industry observers expect this trend to supercharge new businesses. Instead, they’ll make features of gargantuan, cumbersome Software as a Service (SaaS) platforms even easier to completely copy. As with all new technologies, experts caution that these tools — while promising great efficiencies and more — must not be turned to as a fix-all.
Kempf argues that open-source software projects that employ agents to meet resource constraints will be at the forefront of this new age. They should be some of the first to enjoy them. He’s a firm believer that AI can be an incredible resource, but only when leveraged correctly by informed makers. He cautions that we shouldn’t become over-reliant on these tools without appropriate human oversight.
Our community continues to be split on how we should be navigating this rapidly changing world. Francesco Siddi expressed disappointment on how contributions are progressing so far. He underscored that poor submission quality has squandered reviewers’ time and demoralized them. He added that such practices are “neither mandated nor recommended for contributors or core developers.”