How is AI helping open-source programmers 'do everything themselves'?
Discover how AI supports open-source developers, from code maintenance to reviving old projects, along with the associated risks.
Much of today's software infrastructure is built on open source. Many people assume that important projects always have large teams behind them and corporate funding. The reality is often the opposite.
According to Josh Bressers, Vice President of Security at Anchore, of the roughly 11.8 million open-source projects in existence, as many as 7 million are maintained by a single person. Within the npm ecosystem, about half of the 13,000 most popular packages (those downloaded more than 1 million times per month) have only one maintainer.
In other words, a great deal of the world's critical software depends on a single individual. That person's burnout, illness, or compromised account becomes everyone's problem, and from a supply-chain perspective this is a significant risk.
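The statistic above is easy to check against your own dependency tree. The following Node.js script is an added example, not code from the article or from Anchore: it walks a package-lock.json and flags every installed package whose registry document lists exactly one maintainer. It relies on the real `maintainers` array that the npm registry returns in each package document (normally fetched from https://registry.npmjs.org/<name>); here both the lockfile and the registry documents are constructed inline so the check runs offline, and a package missing from the registry data is reported as unknown rather than silently passing.

```javascript
// Added example: find dependencies with a single registry maintainer
// (a "bus factor of one"). All data below is CONSTRUCTED for the example.

// Constructed package-lock.json in the lockfileVersion 3 layout: each
// installed package sits under a "node_modules/..." key, nested ones too.
const packageLock = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/left-side": { version: "1.0.3" },
    "node_modules/big-framework": { version: "4.2.1" },
    "node_modules/big-framework/node_modules/tiny-util": { version: "0.1.9" },
    "node_modules/@scope/parser": { version: "2.3.0" },
    "node_modules/orphan-lib": { version: "2.0.0" },
  },
};

// Constructed registry documents (packuments). The real registry returns
// `maintainers` as a top-level array of {name, email} objects; only that
// field matters here. "orphan-lib" is deliberately absent to show the
// unknown-package path.
const registry = {
  "left-side": { name: "left-side", maintainers: [{ name: "alice", email: "alice@example.invalid" }] },
  "big-framework": { name: "big-framework", maintainers: [{ name: "bob" }, { name: "carol" }, { name: "dave" }] },
  "tiny-util": { name: "tiny-util", maintainers: [{ name: "erin" }] },
  "@scope/parser": { name: "@scope/parser", maintainers: [{ name: "frank" }, { name: "grace" }] },
};

// Package name from a lockfile key, including nested and scoped cases:
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromLockKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return key.slice(idx + marker.length);
}

// Every installed package name once, root entry ("") excluded, sorted.
function installedPackages(lock) {
  const names = new Set();
  for (const key of Object.keys(lock.packages)) {
    if (key === "") continue;
    names.add(nameFromLockKey(key));
  }
  return [...names].sort();
}

// Returns { flagged: [{name, maintainer}], unknown: [name] }.
// A package with no registry document or no maintainers array goes to
// `unknown` so that a failed lookup never reads as "many maintainers".
function singleMaintainerAudit(lock, registryDocs) {
  const flagged = [];
  const unknown = [];
  for (const name of installedPackages(lock)) {
    const doc = registryDocs[name];
    if (!doc || !Array.isArray(doc.maintainers)) {
      unknown.push(name);
      continue;
    }
    if (doc.maintainers.length === 1) {
      flagged.push({ name, maintainer: doc.maintainers[0].name });
    }
  }
  return { flagged, unknown };
}

console.log(JSON.stringify(singleMaintainerAudit(packageLock, registry), null, 2));
```

In practice you would replace the constructed `registry` object with one document per package fetched from the registry, and treat the `unknown` list as a hard failure in CI: an unreachable registry should not make the audit look clean.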
When AI truly starts to 'know how to code'
Faced with this labor shortage, the open-source community is turning to AI for support, and AI coding tools have improved markedly in a short time.
According to Greg Kroah-Hartman, one of the Linux kernel maintainers, AI-generated security reports used to be of very poor quality, but that has changed quickly. He now describes AI reports as 'really useful and reliable,' and many open-source projects are starting to take advantage of them.
This does not mean AI will replace figures like Linus Torvalds. Rather, it will play a supporting role: cleaning up and improving old code, maintaining neglected projects, and in particular optimizing code and fixing bugs faster.
Can AI 'revive' abandoned projects?
Many experts believe this is entirely possible. Dirk Hohndel (Verizon) argues that AI cannot yet maintain a project on its own, but at its current rate of development that could happen in the near future. Meanwhile, Stan Lo, a Ruby maintainer, says AI has helped him with tasks such as writing documentation, refactoring code, and debugging. This raises the question: could AI produce a new generation of maintainers?
A notable example is the ATLAS project, which uses AI to translate legacy codebases into modern languages. This opens the door to 'reviving' a large amount of legacy software that is still in use but hard to maintain.
AI is still just a tool, not a replacement for humans.
Despite its potential, the use of AI in open source also raises problems. One of the biggest controversies concerns intellectual property: if AI rewrites code from an open-source project, may the result be released under a different, more permissive license, or used commercially, without the original license's obligations?
A practical example is the Python chardet library: a new version was rewritten with AI and released under the MIT license, which caused significant controversy with the original author.
The community also faces 'AI slop': pull requests and bug reports generated by AI with little care and of poor quality. Daniel Stenberg, the author of cURL, has said that maintainers are 'overwhelmed with AI garbage'. Some projects have even shut down because they could not handle the volume of such spam. Triaging these reports consumes exactly the scarce maintainer time that AI was supposed to free up.
Even those who welcome AI warn that AI-generated code can be hard to maintain if it is not properly reviewed and managed.
AI can write code very quickly, but understanding it, debugging it, and ensuring its quality still require human expertise. When a system fails, and it inevitably will, AI cannot substitute for a programmer's experience.
To support the community, organizations such as the Open Source Security Foundation (OpenSSF) are providing free AI tools to maintainers to help them cope with the growing workload.
AI is becoming a powerful tool for the open-source community, especially given the shortage of people and the enormous amount of legacy code. But for AI and open source to truly 'cooperate seamlessly', many issues remain to be addressed, from code quality and licensing to disciplined use of AI itself.