AI Spams Open Source Repositories With Fake Requests
04.02.2025
According to some maintainers, artificial intelligence is being used to create fake pull requests to open source repositories about functional issues. So far, AI-initiated issues have been reported in Curl, React, CSS, and Apache Airflow, The New Stack reports .
One maintainer tracked down an AI company that claimed the spam was a mistake. It's unclear how widespread the problem is, but it's serious enough that maintainers are openly concerned.
Apache Airflow maintainers noticed that one day they were getting almost double the number of requests, up to 50 compared to the usual 20-25. They investigated and noticed that the requests were very similar, but didn’t actually make sense. They began to suspect that these fakes were being created by AI.
“In recent days and weeks, we’ve started getting a lot of requests that are either copies of other requests or are completely useless and don’t make sense,” says Jarek Potiuk, a committer and PMC member of Apache Airflow, an open source platform that allows users to develop, plan, and monitor data pipelines. “This takes up valuable time for maintainers who have to assess and close issues.”
Not only do AI tickets create more australia mobile database for maintainers, he says, they can also lead to genuine issues being missed or improperly closed.
“We have about 30 issues a day, maybe 40, but now in 24 hours we have another 30, so 100% more, which means we don’t have time to make decisions on other issues because we have to make decisions about what to do: is this a real issue or a fake one?” Potyuk explains. “Because of this very detrimental effect, there were at least two or three tickets that were created by real people, and some of the maintainers, who are already annoyed by fakes, closed them as spam.”
He later looked at these tickets and noticed these two or three closed but legitimate issues. Potyuk reopened them, but there was still a chance he missed a real issue. He also heard from other maintainers that they had encountered a similar problem of “strange” requests, although they did not have as many fake issues as AirFlow.