AI June 5, 2026 bearish ⇧ 488 pts across 2 threads

AI as an Open Source Attack Vector, Not Just a Tool

The Ladybird browser project announced it is fundamentally changing how it handles contributions, specifically because AI-generated PRs are being used to establish plausible contributor histories before submitting malicious code. This is a new threat model: not spam, not slop, but deliberate long-game social engineering using AI to fake trustworthiness. The community response in the thread ranged from sadness to resignation, with several commenters noting they had not seen this angle articulated before even though it was, in retrospect, inevitable.

On the same day, a separate thread asked whether Claude increased bugs in rsync. The discussion was pointed: the developers who merged untested code are responsible, yes, but the pattern of AI-written patches slipping through review is now a documented phenomenon, not a hypothetical. These two threads are not the same story, but they are the same problem from opposite ends. One is about intent, the other is about negligence, and both erode trust in AI-assisted contribution.

The counterpoint raised in the rsync thread is valid: poor testing and review processes predate AI. But the volume and plausibility of AI-generated code changes the economics of review in a way that makes existing processes brittle.


So what?

If you maintain an open source project, your threat model now includes adversarial contributors using AI to build fake track records. Audit recent contributors with unusual PR velocity. If you are shipping code that uses open source dependencies, the upstream review quality you assumed is no longer guaranteed, so your own review process needs to compensate.
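One way to run the velocity audit suggested above, as an added example that is not part of the original digest or of either project's tooling: the script below scores each contributor by how many pull requests they opened within their first 30 days and by the median size of those changes, then flags accounts that combine a burst of tiny PRs with a touch on a sensitive path. The PR records, path prefixes, and thresholds are all constructed assumptions for illustration; a real audit would populate the records from the forge's pull-request API and tune the thresholds to the project's normal contribution rate.

```python
"""Audit contributors for unusual PR velocity (added example, constructed data).

Heuristic: an account that lands many tiny pull requests in a short window and
then opens a large change to a sensitive area deserves a closer look. None of
the records below are real project history; they are constructed samples.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample records. Fields are assumptions for this example; a real
# audit would build them from the repository's pull-request listing.
SAMPLE_PRS = [
    # steady contributor: a few substantive PRs spread over months
    {"author": "steady-maintainer", "opened": "2025-11-01", "lines": 120, "paths": ["src/ui/menu.cpp"]},
    {"author": "steady-maintainer", "opened": "2025-11-20", "lines": 40, "paths": ["src/ui/tabs.cpp"]},
    {"author": "steady-maintainer", "opened": "2025-12-15", "lines": 60, "paths": ["src/net/url.cpp"]},
    {"author": "steady-maintainer", "opened": "2026-01-10", "lines": 15, "paths": ["docs/build.md"]},
    {"author": "steady-maintainer", "opened": "2026-02-01", "lines": 200, "paths": ["src/net/http.cpp"]},
    # ordinary newcomer: two modest PRs
    {"author": "normal-newcomer", "opened": "2026-05-20", "lines": 30, "paths": ["src/ui/menu.cpp"]},
    {"author": "normal-newcomer", "opened": "2026-05-28", "lines": 12, "paths": ["docs/faq.md"]},
    # burst account: eight trivial PRs in ten days, then a large change to a sensitive path
    {"author": "burst-newcomer", "opened": "2026-05-01", "lines": 2, "paths": ["README.md"]},
    {"author": "burst-newcomer", "opened": "2026-05-02", "lines": 3, "paths": ["docs/build.md"]},
    {"author": "burst-newcomer", "opened": "2026-05-03", "lines": 1, "paths": ["src/ui/menu.cpp"]},
    {"author": "burst-newcomer", "opened": "2026-05-04", "lines": 4, "paths": ["docs/faq.md"]},
    {"author": "burst-newcomer", "opened": "2026-05-05", "lines": 2, "paths": ["src/ui/tabs.cpp"]},
    {"author": "burst-newcomer", "opened": "2026-05-07", "lines": 5, "paths": ["CONTRIBUTING.md"]},
    {"author": "burst-newcomer", "opened": "2026-05-08", "lines": 3, "paths": ["docs/style.md"]},
    {"author": "burst-newcomer", "opened": "2026-05-10", "lines": 2, "paths": ["src/net/url.cpp"]},
    {"author": "burst-newcomer", "opened": "2026-05-14", "lines": 300, "paths": ["src/crypto/tls_verify.cpp"]},
]

# Path prefixes treated as sensitive. An assumption for this example; each
# project would list its own security-critical directories here.
SENSITIVE_PREFIXES = ("src/crypto/", "src/auth/", ".github/workflows/")


def _day(text: str) -> datetime:
    """Parse an ISO date string (YYYY-MM-DD) into a datetime."""
    return datetime.fromisoformat(text)


def velocity_by_author(prs, window_days=30):
    """Per author: PR count within `window_days` of their first PR, the median
    size of all their PRs, and which of their PRs touch a sensitive path."""
    by_author = defaultdict(list)
    for pr in prs:
        by_author[pr["author"]].append(pr)
    report = {}
    for author, items in by_author.items():
        items.sort(key=lambda p: _day(p["opened"]))
        cutoff = _day(items[0]["opened"]) + timedelta(days=window_days)
        early = [p for p in items if _day(p["opened"]) <= cutoff]
        sensitive = [p for p in items
                     if any(path.startswith(SENSITIVE_PREFIXES) for path in p["paths"])]
        report[author] = {
            "prs_in_window": len(early),
            "median_lines": median([p["lines"] for p in items]),
            "sensitive_prs": sensitive,
        }
    return report


def flag_unusual_velocity(prs, window_days=30, min_prs=5, max_median_lines=20):
    """Return authors whose early burst of small PRs looks more like
    history-building than ordinary contribution, with the sensitive paths
    they touched so a reviewer knows where to look first."""
    flagged = []
    for author, stats in velocity_by_author(prs, window_days).items():
        if stats["prs_in_window"] >= min_prs and stats["median_lines"] <= max_median_lines:
            touched = {path for p in stats["sensitive_prs"] for path in p["paths"]
                       if path.startswith(SENSITIVE_PREFIXES)}
            flagged.append({
                "author": author,
                "prs_in_window": stats["prs_in_window"],
                "median_lines": stats["median_lines"],
                "sensitive_paths": sorted(touched),
            })
    return flagged


if __name__ == "__main__":
    for hit in flag_unusual_velocity(SAMPLE_PRS):
        print(f"{hit['author']}: {hit['prs_in_window']} PRs in first 30 days, "
              f"median {hit['median_lines']} lines, sensitive paths: {hit['sensitive_paths']}")
```

The thresholds deliberately stay coarse: the output is a shortlist for a human reviewer, not a verdict, and a flagged account whose sensitive-path list is empty is a lower-priority item than one that has already reached a crypto or CI file. Raising `min_prs` or lowering `max_median_lines` trades recall for fewer false positives on projects that genuinely attract many small first-time fixes.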

Read these