OSS Is Going Just Great

…and Generative AI is definitely not burying maintainers under mass-generated slop.

2024

January

• Daniel Stenberg (curl) publishes “The I in LLM stands for intelligence”

March

• Claude 3 family (Opus, Sonnet, Haiku) released

April

• Gentoo bans AI-generated code contributions

May

• GPT-4o released
• NetBSD bans AI-generated code as “tainted”

June

• Claude 3.5 Sonnet released

July

• GPT-4o mini released
• “We Have a Package for You!” posted to arXiv (later published at USENIX Security 2025)

September

• o1-preview and o1-mini released

October

• Claude 3.5 Haiku released
• Sonatype 2024 report: 704,102 malicious packages logged (156% YoY increase)

December

• o1 released
• GitHub Copilot free tier
• Seth Larson (Python PSF) publishes “New era of slop security reports”

2025

January

• o3-mini released
• DeepSeek R1 released

February

• Andrej Karpathy coins “vibe coding”
• Claude 3.7 Sonnet released
• Claude Code preview

April

• o3 and o4-mini released
• GPT-4.1 series released
• Slopsquatting term coined (by Seth Larson, amplified by Andrew Nesbitt)
• Sonatype Q1 2025 report: 17,954 malicious OSS packages identified; 56% related to data exfiltration (up from 26% in Q4 2024)

May

• Claude Sonnet 4 and Opus 4 released
• Claude Code GA
• OpenAI Codex released
• Stenberg posts “We are effectively being DDoSed”; introduces instant-ban policy for AI slop on curl’s HackerOne
• Open Collective reports being “flooded with AI garbage” bug reports

June

• Trend Micro publishes slopsquatting research
• Malicious PyPI packages targeting Solana developers discovered

July

• curl bug report volume spikes to 8x normal rate in one week
• Stenberg publicly mulls killing the bug bounty program
• HackerOne launches Hai Triage
• PyPI publishes incident report on phishing attack
• IndonesianFoods campaign reaches 150,000+ npm packages
• METR study: experienced open-source developers are 19% slower with AI tools — despite believing they were 20% faster

August

• GPT-5 released
• Claude Opus 4.1 released
• Ghostty (Mitchell Hashimoto) introduces mandatory AI disclosure policy for PRs

September

• Claude Sonnet 4.5 released
• Shai-Hulud self-replicating npm malware discovered
• PyPI publishes incident report on token exfiltration via GitHub Actions
• Cybersecurity Dive: “Tech giants pledged millions to secure open-source code. Then AI came along.”

October

• Claude Haiku 4.5 released
• Stenberg: “A new breed of analyzers” — praises AI-assisted bug finding by Joshua Rogers
• PyPI adds typosquatting detection for project creation

November

• Clawdbot launched
• Claude Opus 4.5 released
• Nolan Lawson: “The Fate of Small Open Source”
• Linux kernel AI contribution guidelines proposed (Dave Hansen/Intel, v3)
• OCaml maintainers reject 13,000-line AI-generated pull request
• PyPI publishes incident report on Shai-Hulud implications

December

• GPT-5.2 released
• Claude Code background agents released
• PyPI year in review: hardened ZIP upload pipeline, typosquatting detection, domain resurrection prevention, spam prevention
• Excalidraw receives 2x PRs in Q4 vs Q3
• Rob Pike, Guido van Rossum, and Anders Hejlsberg spammed by autonomous AI agents performing “random acts of kindness” on Christmas Day

2026

January

• Clawdbot renamed to Moltbot after Anthropic trademark complaint; then renamed to OpenClaw three days later. The abandoned “Moltbot” name was immediately impersonated by attackers who grabbed old handles and pushed 400+ malicious agent skills through ClawHub
• Sonatype 2026 State of the Software Supply Chain report published
• Cloudflare publishes “Building a serverless, post-quantum Matrix homeserver”; Matrix Foundation responds
• Armin Ronacher (Flask creator) publishes “Agent Psychosis”
• Linus Torvalds tells kernel devs to stop making an issue of AI slop in docs
• curl shuts down bug bounty program (effective Jan 31)
• LLVM institutes “human-in-the-loop” policy for AI-generated contributions
• Ghostty (Hashimoto) escalates to zero-tolerance AI policy
• tldraw (Steve Ruiz) auto-closes ALL external pull requests — “Stay away from my trash”
• 128 phantom npm packages (slopsquatting) racked up 121,539 downloads Jul 2025–Jan 2026
• “How AI Impacts Skill Formation” (Shen & Tamkin) — developers using AI learned less and debugged worse, without significant efficiency gains

February

• Daniel Stenberg delivers FOSDEM 2026 closing keynote: “Open Source Security in spite of AI”
• International AI Safety Report 2026 published (Yoshua Bengio et al.) — documents AI agents completing multi-hour software engineering tasks autonomously
• Claude Opus 4.6 released — Anthropic reports it found 500+ high-severity zero-day vulnerabilities in OSS libraries (Ghostscript, OpenSC, CGIF) during internal red-team testing
• GitHub weighs PR “kill switch”
• RedMonk publishes “AI Slopageddon and the OSS Maintainers”
• InfoWorld: “Is AI killing open source?”
• continue.dev: “We’re Losing Open Contribution”
• Mitchell Hashimoto releases Vouch, a community trust management system based on explicit vouches to participate
• 1Password launches SCAM benchmark — tests whether AI agents fall for phishing and social engineering during realistic workflows; every model tested committed critical failures
• An AI Agent Published a Hit Piece on Me

Resources

• CHAOSS AI Alignment WG — project AI policies, spam examples, blog posts
• Sonatype SSC Attack Timeline — curated timeline of supply chain attacks
• daniel.haxx.se AI tag — Stenberg’s full archive of AI-related curl posts
• Pivot to AI — David Gerard’s AI hype and harm tracker
• Simon Willison’s blog — prolific coverage of AI tools and their real-world impact
• Seth Larson’s blog — Python PSF security developer-in-residence

Missing something? Contributions welcome.

Hat tip to Web3 Is Going Just Great for the format inspiration.