Introduction

Many people have different views on AI, and that is understandable: it is a new and powerful technology that is actively changing the world. But how is it affecting open-source projects?

Quality of code

AI is good at writing code, but you still need to review it. Don't let a model do something for you unchecked, because it is not perfect and it is not magic. Always read AI-generated code and test it before pushing it to production.

In my personal opinion, changes that contain AI-generated code should only ever land through a pull request, and you should install something like CodeRabbit (not sponsored, just the only AI PR review tool I've used) as another wall that catches broken changes before they reach production. That tool does not replace your own review, though: you should still read everything yourself.

Security

We've all heard about Claude Mythos (Project Glasswing) and the number of vulnerabilities it has found in open-source projects, but Claude Mythos isn't the only model that can do this.

There are powerful models like Opus, and open-weight models too, that are pretty good at finding vulnerabilities. From a maintainer's point of view that is good news; the problem starts when someone points the same model at your open-source codebase with bad intentions.

AI, in my opinion, is now essential in every open-source project, because it lets you find vulnerabilities faster than attackers do.

Being open source is now easier, but also harder, than ever. So once you are done writing code, ask an AI model to review it for vulnerabilities, then go through what it found yourself so that you learn not to repeat the same mistakes.
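The workflow from the Quality of code and Security sections (open a PR, have a model look at the diff for vulnerabilities, then make a human decide on every finding before anything merges) as a small Python script. This is an added example, not code from the original post and not CodeRabbit's or any vendor's tooling: the sample diff, the model reply and the `fake_model` function are constructed so the script runs offline, and a real setup would replace `fake_model` with a call to whatever model you use.

```python
"""Hypothetical AI-assisted security review helper (added example, not the post's own tooling).

Flow: take the diff you are about to open a PR with, ask the model for structured
findings per file, parse the reply defensively, then refuse to report "ready"
until a human has recorded a decision on every finding. The model call is injected
so the script runs offline with the constructed reply at the bottom.
"""
import json
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample diff standing in for `git diff main...HEAD` output.
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,4 @@ def get_user(conn, username):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = ?", (username,))
+    query = "SELECT * FROM users WHERE name = '" + username + "'"
+    cur.execute(query)
     return cur.fetchone()
"""


def split_diff_by_file(diff: str) -> Dict[str, str]:
    """Split a unified diff into {path: hunk text} so each file is reviewed in context."""
    files: Dict[str, str] = {}
    current = None
    for line in diff.splitlines():
        m = re.match(r"^diff --git a/(\S+) b/(\S+)", line)
        if m:
            current = m.group(2)
            files[current] = ""
        if current is not None:
            files[current] += line + "\n"
    return files


def build_review_prompt(path: str, hunk: str) -> str:
    """Ask for machine-readable findings so the reply can be triaged, not just skimmed."""
    return (
        "You are reviewing a pull request for security defects only.\n"
        f"File: {path}\n"
        "Report each finding as a JSON object on its own line with keys "
        "severity (high|medium|low), line (integer in the new file), "
        "cwe (string) and summary (one sentence). Report nothing else.\n\n"
        f"{hunk}"
    )


@dataclass
class Finding:
    path: str
    severity: str
    line: int
    cwe: str
    summary: str
    decision: Optional[str] = None  # "fix", "accept" or None (no human decision yet)


def parse_findings(path: str, reply: str) -> List[Finding]:
    """Tolerant parser: keep well-formed JSON lines, drop anything else the model emits."""
    findings = []
    for line in reply.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            obj = json.loads(line)
            findings.append(Finding(path, obj["severity"], int(obj["line"]),
                                    obj["cwe"], obj["summary"]))
        except (ValueError, KeyError, TypeError):
            continue  # malformed line: ignore it rather than trusting it
    return findings


def ready_to_merge(findings: List[Finding]) -> bool:
    """The model's verdict is never final: every finding needs a human decision,
    and a 'high' finding is only cleared by fixing it, not by accepting it."""
    for f in findings:
        if f.decision is None:
            return False
        if f.severity == "high" and f.decision != "fix":
            return False
    return True


def review_diff(diff: str, model_call: Callable[[str], str]) -> List[Finding]:
    findings: List[Finding] = []
    for path, hunk in split_diff_by_file(diff).items():
        findings.extend(parse_findings(path, model_call(build_review_prompt(path, hunk))))
    return findings


def fake_model(prompt: str) -> str:
    """Constructed model reply used instead of a real API call so the example runs offline."""
    return (
        "Findings:\n"
        '{"severity": "high", "line": 11, "cwe": "CWE-89", '
        '"summary": "username is concatenated into the SQL query string."}\n'
        "this line is not JSON and must be ignored\n"
    )


if __name__ == "__main__":
    found = review_diff(SAMPLE_DIFF, fake_model)
    for f in found:
        print(f"{f.path}:{f.line} [{f.severity}] {f.cwe} {f.summary}")
    print("ready to merge:", ready_to_merge(found))  # False until a human decides
```

The gate is deliberately strict: an empty or malformed reply is not treated as a clean bill of health (nothing is asserted beyond the findings that parsed), and a high-severity finding cannot be waved through with "accept", which keeps the human review step mandatory rather than optional.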

Conclusion

AI is becoming more and more important in open-source projects, and we really can't do anything about it. So, like they say: if you can't beat them, join them.