AI-generated abandonware is hollowing out open source

Estimated reading time: 7 minutes

Key takeaways:

• Generative AI has drastically lowered shipping barriers, creating a surge in low-quality abandonware.
• AI workflows short-circuit traditional community engagement loops, starving open-source projects of documentation traffic, revenue, and new maintainers.
• Maintainers are overwhelmed by a deluge of automated AI slop submissions.

Open-source abandonware isn’t new. Repositories have always accumulated half-finished projects and good intentions. But there’s growing evidence that AI-generated code is making the problem significantly worse.

With AI-assisted development, you trade code quality for quantity. As we’ve noted before, in environments where accuracy matters, such as a financial exchange, you end up spending less time writing code and more time verifying and refactoring it. With code that is more exploratory or personal, like my own tools for Google Docs, quality matters less. But that has a different side effect: we end up generating more code that is quickly abandoned.

Of course a lot of code has historically been abandoned, but AI seems to be exacerbating this lack of commitment. In a short post published last month, developer Mike Yerou explained the problem plainly: “The barrier to shipping software has collapsed. With AI code generation, any fleeting idea can become a reality almost instantly. But there’s a catch: software that is created fast is often abandoned fast.”

That may be partly because we are less invested in code we didn’t write, but also because lower-quality AI-generated code is genuinely hard to maintain. One anecdotal case study from early 2026 involved a developer called Pooja Rana who, after spending 225 hours managing and debugging AI-generated code, mass-deleted the entire output and rewrote it by hand.

There are broadly three things going on here. First, we simply aren’t as invested in code we didn’t write ourselves. Second, AI-generated code – at least when produced lazily – is hard to maintain. And third, AI-generated code is quietly breaking the economic model on which open-source software rests.

The numbers are not reassuring

GitHub’s Octoverse 2025 report recorded 36 million new developers joining the platform in the past year, with 230 new repositories created every minute. Over 4.3 million AI-related repositories now exist on the platform, representing a 178% year-on-year jump in LLM-focused projects alone. Some 80% of new developers on GitHub use Copilot in their first week.

A lot of the resulting code will be abandoned.

The 2026 Open Source Security and Risk Analysis (OSSRA) report from Black Duck, based on analysis of 947 commercial codebases across 17 industries, provides the most authoritative data we currently have on the state of open-source maintenance. 

Its findings are grim. A staggering 93% of codebases contained components with no development activity in the last two years. Only 7% of components in the audited codebases are running the latest available version, and 41% are ten or more versions behind. Black Duck calls this the ‘zombie component’ problem: software that appears functional, is actively relied on, but effectively unmaintained. This maintenance debt creates compounding security risk. When a vulnerability is discovered in a project that hasn’t been touched in years, there is often no maintainer left to fix it.

AI is making all of this worse

In other words, abandoned projects don’t disappear. They persist as dependencies inside codebases that others rely on. Before AI, the rate of abandonment was broadly matched by the community’s capacity to notice, flag, and fork. What’s changed is the volume, and the fact that AI workflows reduce the human activity, such as documentation reading, forum questions and  pull request engagement, that previously acted as an early warning system.

Documentation has always been under-valued, with technical writers chronically underpaid. But now there is a perverse idea that AI can write the documentation. Which it can – badly. AI is also speeding up the breaking of the economic model on which open source depends.

A pre-print paper published in January 2026 by economists Koren, Békés, Hinz, and Lohmann, titled Vibe Coding Kills Open Source, models the consequences. The paper’s central finding is that under traditional OSS business models, widespread AI-assisted development undermines the open-source ecosystem’s ability to sustain itself,  even as it produces more software than ever before.

Traditional open-source development follows a documented engagement loop: a developer downloads a package, reads documentation, encounters a problem, asks a question on a public forum, and sometimes contributes a fix. That activity generates the visibility through which maintainers earn their private returns – reputation, consulting leads, documentation traffic, paid enterprise add-ons, and so on.

AI-assisted workflows short-circuit the loop. Agents select and assemble packages without engaging with documentation or forums. The Tailwind CSS case featured in the paper illustrates this. In a January 2026 GitHub comment, Tailwind CSS creator Adam Wathan reported that despite its enduring popularity, Tailwind CSS’ documentation traffic had decreased by around 40% since early 2023, and revenue was down almost 80%. “Together, these patterns suggest that AI mediation can divert interaction away from the surfaces where OSS projects monetize and recruit contributors,” the paper’s authors write.

Stack Overflow saw the same dynamic at scale: research published in PNAS Nexus in 2024 found that within six months of ChatGPT’s release, Stack Overflow activity dropped by around 25%. By May 2025, Gergely Orosz suggested that Stack Overflow was almost dead, as overall traffic had declined sharply.

The result is a growing asymmetry: automated tools make it trivially easy to submit code, bug reports, and pull requests, while review and validation remain costly, manual, and time-consuming. Daniel Stenberg, creator of curl, has tracked what he calls “AI slop” submissions to his project: two in 2023, six in 2024, and 37 in 2025. “We still have not seen a single valid security report done with AI help,” he wrote on LinkedIn.

Keeley Hammond, a longtime maintainer of Electron, described receiving twice as many proposals in 2025, with a significant portion being AI-generated noise. “It’s frustrating when you know some contributors put real thought into theirs,” she said on GitHub’s podcast.

It is worth being pragmatic about the connection between AI-generated abandonware and the systems engineering teams rely on today.

I wrote about what’s gone wrong at GitHub after the platform suffered 257 incidents between May 2025 and April 2026, including 48 major outages. The same explosion of AI-generated code that is straining GitHub’s infrastructure is also filling its repositories with projects that will never be maintained. GitHub is simultaneously the surface on which agentic workflows run and the archive where their output accumulates.

What this means for you

Before choosing a library, tool, or framework, engineering leaders need to evaluate not just the code but the people and organizations sustaining them. That means looking at commit history, not just star count. It means checking whether documentation traffic and community engagement are growing or declining. And it means ascertaining whether a project has a bus factor of one – and if that one person is drowning under a deluge of AI-generated pull requests.

The OSSRA data is a useful starting point: if 93% of codebases contain zombie components, the odds are high that yours does too. An audit of your dependency tree, mapped against recent development activity, is not a pleasant exercise, but it is necessary. Tools like Nexus Lifecycle, Snyk, and Dependabot can surface stale and vulnerable dependencies; the difficult decision is what to do about them.

There is also a question of internal culture. If your engineers are using AI to generate contributions to open-source projects without meaningful human review before submission, they are participating in the degradation of infrastructure that your organization almost certainly depends on. That is worth naming explicitly in engineering standards and code review policies.

The broader structural problem – that the open-source ecosystem’s sustainability model is being eroded by AI in ways that may not be visible until something critical fails – is not one that any individual organization can solve. But engineering leaders can advocate for sustainability, contribute financially to projects they depend on, and make the case internally that open-source health is not someone else’s problem.

The optimistic reading at this point is that AI has democratized software creation, lowered barriers to entry, and enabled people who previously couldn’t build software to do so. That is true, however most of what is being built will not exist in useful form in two years because the people who created it will have moved on.

When everyone can build, the scarce resource is maintainers. That scarcity was already real before AI made it worse. The question now is whether the industry will treat it as the infrastructure problem it is, or wait for the next Log4j to remind us.

New York • September 15-16, 2026

Full LDX3 lineup is here 🙌

See who’s speaking