IBM - International Business Machines Corporation

06/06/2025 | News release | Archived content

AI and open-source software development: Promises and pitfalls

Despite aiding in the peripheral parts of open-source development, AI can also hamper the process.

"There's a level of rigor that open-source maintainers have to maintain that is exhausting. And some people are just abusing open-source maintainers with creating 'AI slop' that doesn't do anything or breaks projects," says Asghar.

Seth Larson, security developer-in-residence at the Python Software Foundation, echoes Asghar's sentiment in a recent blog post, writing that he has "noticed an uptick in extremely low-quality, spammy, and LLM-hallucinated security reports to open-source projects," and pointing to other similar findings. Larson observes that these reports appear legitimate at first, but further investigation shows them to be false positives, wasting time and effort that maintainers could have spent on more vital work.

"The overhead in the open-source community of AI trash being upstreamed is crippling to some projects, to the point where actual things can't get done," Asghar says.

The problem lies in AI lacking the needed context for open-source projects, thereby generating pull requests that seem correct but might actually break the codebase. This means that both human oversight and developer expertise are still crucial, particularly with matters involving security in open-source software.

AI also falls short in coming up with the right solution for deeper, more complex issues. As Kralj says in the AI in Action podcast, generative AI can suggest constructs that might work but "will make code unmaintainable [or] incomprehensible, and it is not a good code to then actually commit. Code is an extremely human collaborative thing [and it] needs to be understandable for generations."

And while he considers generative AI to be a powerful tool, it "is not replacing the creativity that we still expect from human developers to shine through."

IBM - International Business Machines Corporation published this content on June 06, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on June 17, 2025 at 20:59 UTC.