Part 7: Cheap to Send, Costly to Read
The open-source community is facing a crisis driven by the rise of AI-generated code submissions. GitHub's own numbers show a 3.6x increase in merged pull requests, from 25 million to 90 million per month, largely driven by AI-assisted submissions. The quality of these submissions is poor, however: only about 1 in 10 AI-assisted pull requests meets the basic bar to be opened. The result is that maintainers are buried under a large volume of low-quality submissions. Daniel Stenberg, maintainer of curl, shut down the project's bug bounty program after being overwhelmed by AI-generated vulnerability reports.
The issue is not limited to open-source projects; it has broader implications for the software development industry. As AI-generated code becomes more prevalent, companies will have to adapt their review processes to handle the increased volume of submissions. GitHub has already started to address this issue by introducing features such as settings to disable pull requests, concurrency caps, and archiving features to help maintainers manage the noise. However, this is just a temporary solution, and a more fundamental shift in how code is reviewed and understood is needed.
The risks associated with AI-generated code are significant: studies show that AI-generated solutions are often functionally correct but not secure, and Carnegie Mellon researchers found that only about 10 percent of AI-generated solutions were actually secure. The same trend feeds a phenomenon known as cognitive debt, in which the gap between the code that exists and the code that anyone actually understands keeps growing, making software harder to maintain and debug. As the software development industry continues to adopt AI-generated code, it is essential to prioritize code review and understanding to mitigate these risks.
Key Takeaways
GitHub has seen a 3.6x increase in merged pull requests, from 25 million to 90 million per month, largely driven by AI-assisted submissions.
Only about 1 in 10 AI-assisted pull requests meet the basic bar to be opened, with the rest being low-quality submissions.
The curl project shut down its bug bounty program due to being overwhelmed by AI-generated vulnerability reports, with only around 5 percent of submissions being genuine vulnerabilities.
GitHub has introduced features such as settings to disable pull requests, concurrency caps, and archiving features to help maintainers manage the noise generated by AI-assisted submissions.
About the Source
This analysis is based on reporting by Medium. Here is a short excerpt for context:
TL;DR: Open source is feeling the cost first. AI made it cheap to produce code and reports nobody fully understands, and expensive for…