The rise of AI leads to an increase in low-quality code submissions to OSS projects, and Ghostty developers have launched a system to manage contributor credibility.

With the spread of AI-powered coding tools, open source projects like VLC and Blender are seeing an increase in low-quality code submissions. To combat this, systems are being developed to manage the trustworthiness of contributors.
GitHub - mitchellh/vouch: A community trust management system based on explicit vouchers to participate.
https://github.com/mitchellh/vouch
For open source programs, AI coding tools are a mixed blessing | TechCrunch
https://techcrunch.com/2026/02/19/for-open-source-programs-ai-coding-tools-are-a-mixed-blessing/
While AI coding tools are extremely useful, they often generate inappropriate code and require human review to be used effectively. However, open source projects that accept code contributions are increasingly seeing low-quality code and reports submitted without human review. In the case of the download tool 'cURL,' the number of low-quality vulnerability reports generated by AI has skyrocketed, placing an increased burden on security personnel and forcing the suspension of the bug bounty program.

According to TechCrunch, Jean-Baptiste Kempf, lead developer of the video playback software 'VLC,' acknowledged the benefits of AI coding tools, but said, 'AI tools are for experienced developers,' and criticized the low-quality AI-generated merge requests the project receives. Francesco Siddi, CEO of the 3DCG tool 'Blender,' also criticized contributors who simply send AI-generated code, saying, 'Contributions using large-scale language models (LLMs) generally waste reviewers' time and reduce their motivation.'
In open source projects, the basic premise is to 'trust contributors,' but Mitchell Hashimoto, developer of the terminal emulator 'Ghostty,' points out that 'the advent of AI tools has dramatically changed the situation. People can now easily create extremely low-quality code that looks plausible at first glance without understanding the code at all. The minimal barrier to entry of simply submitting changes is no longer enough to trust contributors.' He is developing a system called 'Vouch' to manage the trust of contributors.
Vouch allows development projects to 'vouch' or 'denounce' contributors, ensuring that time is dedicated only to contributors who are guaranteed to deliver high-quality code.

Friction over AI can also arise between well-known open source projects and large corporations. For example, the development team of the multimedia framework FFmpeg expressed frustration that Google boasts about its AI's ability to find vulnerabilities while sending the project a flood of inconsequential bug reports.
