AI slop is overwhelming open source

Today: How two open-source projects are trying and failing to manage a deluge of AI contributions, OpenAI matches Microsoft's energy pledge, and the latest enterprise moves.

Welcome to Runtime!



Garbage collection

The open-source software movement has gone through seismic changes in recent years, with the rise of "source-available" licenses buttressing commercial vendors and the increasing professionalization of what was once a grassroots movement. But as AI coding assistants become mainstream, open-source projects are facing a new challenge.

Two prominent open-source projects recently decided they'd seen enough poor-quality AI-generated submissions to put new limits on how they deal with that code. As if managing an important open-source project without a lot of resources wasn't hard enough already, maintainers of the two projects — curl and LLVM — said they are being forced to wade through an ever-increasing amount of slop in order to find truly useful contributions.

  • curl is a data-transfer tool and software library that "is used daily by virtually every Internet-using human on the globe," according to its home page.
  • For months lead maintainer Daniel Stenberg has been complaining about AI-generated attempts to cash in on the project's bug bounty system, a popular way of encouraging developers to help project maintainers patch vulnerabilities.
  • Last week he reached a breaking point, informing curl contributors that he will be winding down the project's bug bounty system, which was run through HackerOne.
  • "The main goal with shutting down the bounty is to remove the incentive for people to submit crap and non-well researched reports to us. AI generated or not," Stenberg posted to a curl mailing list, as noted by The Register.

LLVM is a widely used collection of compiler technologies and associated software libraries, and the project's maintainers have also been struggling to manage a flood of low-quality submissions generated by AI coding assistants and agents. This week it too decided it had seen enough.

  • LLVM isn't banning AI-generated contributions, but it is instituting a "human-in-the-loop" policy that requires authors to stand behind the quality of their code and disclose if they used AI to generate that code.
  • "Nuisance contributions have always been an issue for open-source projects, but until LLMs, we made do without a formal policy banning such contributions," LLVM maintainers wrote this week.
  • Some members of the LLVM community questioned if the new policy goes far enough: "I’m vastly in favor of changing our AI policy to just disallow it," one said, as noted by DevClass.

AI-generated code is here to stay, and while individual companies can set policies regarding how that code is submitted and reviewed for internal projects, community organizations are in a much more difficult position. They desperately need more contributors to help maintain projects that are vital to the world's software infrastructure, but they also need to maintain quality or those projects will suffer.

  • Last year at Black Hat, security researchers from XBOW explained how they built a penetration-testing AI agent that rose to the top of HackerOne's bug bounty leaderboard; the secret was to use "a deterministic validation approach" to verify any bugs identified by LLMs before submitting them, according to Dark Reading.
  • But developers bent on get-rich-quick schemes tend to be less discerning about quality and more interested in volume, which raises the question of whether AI-generated coding tools should apply some sort of watermark or flag to their output to help maintainers sort through contributions.
  • "While new tools enable more development, it shifts effort from the implementor to the reviewer, and our policy exists to ensure that we value and do not squander maintainer time," LLVM project maintainers wrote.
  • The Linux Foundation has a policy on the use of copyright material in AI-generated code, but here's a place where it could throw its weight around and encourage the industry to help maintainers deal with slop contributions, which are only going to increase.

Hit the griddy

OpenAI committed to a massive data-center construction plan last year that will require a big upgrade to the electrical infrastructure in the towns and cities that will eventually host its AI model training and inference servers. This week it joined Microsoft in promising to offset the cost of upgrades to the electrical grids in those locations to avoid sticking local rate-payers with the bill.

"Across all of our Stargate Community plans, we commit to paying our own way on energy, so that our operations don’t increase your electricity prices," OpenAI said in a blog post ahead of its appearance at Davos Wednesday. That includes "funding the incremental generation and grid upgrades our load requires" and "working with utilities, grid operators, and the industry to develop strategies for operating AI campuses as flexible loads," it said.

Microsoft made a similar pledge last week, reflecting growing concerns within local communities about the rush to build data centers around the world to accommodate the AI boom. Whether OpenAI can drum up enough revenue to live up to its infrastructure commitments, however, remains an open question.


Enterprise moves

Cameron Etezadi and Robert O’Donovan are the new chief technology officer and chief financial officer, respectively, at LaunchDarkly.

Vinay Kumar is the new chief product and technology officer at DigitalOcean, joining the boutique cloud infrastructure company after more than a decade at Oracle.

Ken Ricketts is the new chief information security officer at Teradata, following security leadership roles at Insight Partners and Coupa Software.

Brad Dever is the new chief commercial officer at CloudAvanti, joining the Oracle-oriented consulting company after leading that practice at Accenture in Canada.

Craig McDonald is the new chief revenue officer at Trulioo, joining the fraud-prevention company after similar roles at Trustly and MoneyGram.

Nicolas Dubé is the new corporate vice president for data center systems and solutions at Intel, following similar roles at Arm and HPE.


The Runtime roundup

Intel's stock fell 13% in after-hours trading after it reported first-quarter guidance well below analyst expectations.

Cisco is urging customers to patch a "critical" flaw in its Unified Communications Manager, Unity Connection, and Webex Calling Dedicated Instance products that could allow remote code execution, according to CSO.


Thanks for reading — see you Saturday!
