The Dangers Agentic Coding Tools Pose to Open Source

submitted by 💻

I wasn't exactly sure where the best place would be to share this, but I had written up a fairly lengthy post on this topic over on LinkedIn and wanted to extract it out of that silo…so here goes!


To be honest, I've hardly heard a peep about how "agentic AI vibe coding" (say that 10 times fast!) is short-circuiting the incredibly important long tail of developers engaging with open source projects.

Open source libraries & frameworks aren't there simply so you can "build something" with them (that's probably not open source 🤨). Free software is often talked about as being free as in speech—libre as it's sometimes called—not free as in beer. They're not "free" for the taking. We need to get past such an extractive mindset! There are many other purposes of open source:

  • Being part of a global developer community which works on projects together.

  • Learning from each other, sharing ideas and knowledge. Collaboration.

  • Exploring ways to make technology beyond mere sharing of code files.

  • Avoiding vendor lock-in, corporate silos, unchecked capitalism, security/privacy shenanigans, and other undesirable secondary effects of widespread computer tech.

Open source, and its political subset known as the Free* Software movement (*Libre), is incredibly valuable as one of the Great Commons humanity has ever produced.

AI threatens to upend this entirely. Three immediate problems we're already having to grapple with:

  1. GenAI is trained on billions (trillions?) of lines of code, much (all?) of it open source. That means the "value" you get out of an agentic tool producing code has been built on top of untold amounts of human labor which almost without exception never signed up for this. After all, the whole point of sharing code is that humans are freely communicating something meaningful to other humans, just like any other creative artifact.

  2. Agentic tools can produce code which closely resembles known open source solutions, yet that code does not reference those solutions. This leaves incredible learning experiences off the table. Sometimes it's true we want to avoid unnecessary dependencies, but if your tool produces code you use which would otherwise have been something available via the open source community, you are robbing the community of being properly involved in your processes. Even if you manually copy'n'paste a solution from another project, or even StackOverflow, etc., you can (you should!) add an attribution and link your project into the broader conversation around good solutions and best practices.

  3. Instead of up-and-coming programmers learning by contributing to open source repos or creating their own, as part of the very natural and important educational process to learn mastery of craft, vibe coders rob themselves—and the rest of the community at large!—of that capacity. Yesterday's new contributors to open source are tomorrow's vibe coders who do not contribute. Increasingly, this could mean the open source community gets grayer and starts to shrink, lacking necessary youthful vitality. The devastation this would bring to computing overall is incalculable.

We need to talk about this! Spread the word.

P.S. I ran out of room for a fourth major problem! Open source projects are themselves under attack by false PRs: bugfixes which fix non-existent bugs or don't even work at all, bad refactoring recommendations, and many other headaches. Open source maintainers already have way too much to deal with…having to fend off an onslaught of slop is horrifying. It's not a stretch to say that no open source project, properly maintained, can allow AI slop to be merged into the codebase. This should tell you a lot about the dangers of these technologies.
