Engineering Sacrifice: How Open Source Survives the Age of Free Code The Zig project has banned all LLM-generated contributions, calling them "invariably garbage," and Godot and the Linux kernel have followed with similar policies requiring disclosure of AI tool usage. Maintainers argue that AI-generated code floods projects with low-quality submissions that consume scarce reviewer attention, threatening the integrity of open-source development. The Zig project now bans LLM contributions across the board https://news.ycombinator.com/item?id=47957294 : no AI generated pull requests, no AI generated issues, not even AI assisted comments on the bug tracker. Zig’s president Andrew Kelley calls AI assisted contributions “invariably garbage” https://developers.slashdot.org/story/26/05/31/013213/zig-bans-ai-code-contributions-because-theyre-invariably-garbage , submissions with negative value because they consume the scarcest resource his team has, which is review time. Last week Godot followed https://news.ycombinator.com/item?id=48743472 : the engine’s new contribution policy https://godotengine.org/article/contribution-policy-2026/ requires all code to be human authored, demands disclosure of any AI assistance, and prohibits AI generated text in human to human communication. Even the Linux kernel now requires contributors to disclose AI tool usage https://hackaday.com/2026/07/03/godots-new-contributing-policy-adds-barriers-for-ai-slop/ , and a growing list of projects https://noai.starlightnet.work/list.html is adding restrictions of its own. But why? Are these maintainers simply the new Luddites of the 21st century? If AI is a labor productivity enhancing tool, and I spent the previous essay arguing that raising labor productivity is precisely what technology is for, why refuse it inside the movement that shares technology most freely? Let me be clear about what this essay is not arguing. I am not interested in litigating whether the code quality of LLMs is good or bad. In capable hands the throughput of these models is enormous, and the quality of the output can be impressive. But quality was never the maintainers’ real complaint. Their complaint is about a broken signal, and about everything that breaks with it. This essay is about the new problem the open source movement is facing, and about an uncomfortable idea: that to remain robust, open source will be forced to adopt ideas from guilds and secret societies. In fact, as we will see, it has already started. The problem, in a nutshell, is that projects are being flooded at a scale without precedent. Producing a thousand lines of plausible code now costs almost nothing. Reviewing those thousand lines still costs what it always did: the full attention of someone who understands the project deeply. Godot’s announcement states the imbalance plainly. The effort required to open a pull request has collapsed and submissions have multiplied, while the work of reviewing and the number of people able to review have stayed the same; the engine’s repository currently holds more than 5,000 unresolved pull requests https://kotaku.com/indie-game-engine-will-require-all-code-to-be-human-authored-following-an-ai-code-shitshow-2000711737 . The pattern is older than LLMs. Brandolini’s law observed that refuting nonsense takes an order of magnitude more energy than producing it, and Herbert Simon named the deeper principle back in 1971: “a wealth of information creates a poverty of attention”. The scarce resource in open source was never code. It is the attention of the people who understand the codebase. AI maximalists might answer that the fix is symmetrical: let AI do the reviewing too. But what is the point of building and maintaining a project in which no participant holds even a fragment of understanding of the whole? Before LLMs, contributors had skin in the game in practice, because making a pull request required effort, and that effort was not deadweight. You could not write the patch without acquiring some understanding of the project along the way; comprehension was a byproduct of the work. Strip that understanding out of contribution, and what remains is a repository without collective ownership, which raises the risk of hijack by hostile actors. In a project where AIs make the pull requests and other AIs merge them, who is really in control? A computer can never be held accountable. Therefore, a computer must never make a management decision.- IBM internal training presentation, 1979 Forty seven years later, Godot’s maintainers reached for the same principle: “AI cannot take responsibility” https://www.pcgamer.com/gaming-industry/open-source-game-engine-godot-will-no-longer-accept-ai-authored-code-contributions-we-cant-trust-heavy-users-of-ai-to-understand-their-code-enough-to-fix-it/ , and someone must. The spam problem reaches far beyond version control. Feeds, videos, and entire websites have filled with cheap generated content over the last years. Automated traffic now accounts for more than half of everything that moves on the web https://www.nbcnews.com/tech/tech-news/bot-web-traffic-overtaken-human-web-traffic-data-shows-rcna348522 , according to measurements like Imperva’s annual Bad Bot Report, and I would argue the real numbers are worse. Many people now generate and share content in a drone-like fashion, without reading what they publish. By automating the production of code and text, they have outsourced understanding. In Dissolving Markets https://lumramabaja.com/posts/dissolving-markets-how-sharing-technology-redistributes-power/ I analyzed markets through their asymmetries. Asymmetries are a useful lens outside of markets as well; they show where a system is headed. LLMs have introduced a new asymmetry into open source and into the internet at large: the asymmetry of cost between generating and verifying. It sounds abstract, but its mechanism is simple. Biologists call it the handicap principle, after Amotz Zahavi: a signal carries information only when it is expensive to fake. The peacock’s tail means something because a weak bird cannot afford one. Economists, following Michael Spence, know the same logic as signaling theory; a degree certifies ability partly because it is costly to obtain. In open source, effort was the signal. A working patch used to certify, by its mere existence, that someone had spent hours inside the codebase. LLMs did not lower the quality of contributions so much as they severed the signal from the substance. And when the signal dies, to borrow Nassim Taleb’s vocabulary, skin in the game dies with it, and fragility follows. The only remedy is to reintroduce skin in the game deliberately. For open source projects, there are two broad ways to do it: through sacrifice, or through trust. Sacrifice sounds archaic, but it has a distinguished engineering pedigree. In 1992, Cynthia Dwork and Moni Naor published “Pricing via Processing or Combatting Junk Mail”, which introduced proof of work for exactly the problem this essay describes: making spam expensive without making mail impossible. Adam Back’s Hashcash turned the idea into a running system in 1997, and a decade later Bitcoin repurposed the same mechanism to secure money; Satoshi cites Back directly. The pattern is far older than computing. To be admitted into a medieval guild, an apprentice had to produce a masterpiece, a single work costly enough to prove both skill and commitment at once. Secret societies demanded initiation rites, and the social psychology behind them is well documented; Aronson and Mills showed in 1959 that the more severe the initiation, the more its members value the group. All of these share a property that will matter shortly: sacrifice filters, but it does not exclude. The door stays open to anyone willing to put in the work. The second way to reintroduce skin in the game is trust. In a trust based project, only vetted developers may contribute meaningfully, and newcomers earn their standing from people already inside. Mature open source projects practice this already. The Linux kernel runs on a hierarchy of subsystem maintainers, a web of trust in which code reaches the top only through people who have proven themselves over years. Zig openly treats pull request review as an investment in growing trusted long-term contributors https://simonwillison.net/2026/Apr/30/zig-anti-ai/ rather than as a service to strangers. And Godot’s new policy is, quietly, a trust system too: contributors with three or fewer merged pull requests may not attempt features or refactors, and must first build standing through bug fixes and documentation. An apprenticeship, published last week, by a project that never once used the word guild. Trust systems are robust, but robustness is not the same thing as empowerment. A trust based project protects itself by narrowing who may take part; the scribes whose dissolution I celebrated in the previous essay ran on exactly this kind of exclusionary filter, and so does every guild. The difference between the two mechanisms is what they filter by. Trust filters by relationship: someone inside must know you, vouch for you, and admit you. None of this makes trust a bad mechanism. The one who vouches carries real risk, since their own standing is staked on the newcomer’s behavior, and that is skin in the game of the purest kind. The limitation lies elsewhere: whoever finds no voucher stays outside, however capable they may be, and that is at odds with the inclusive philosophy of open source. Sacrifice filters by contribution: effort, work, stake, things anyone is free to offer. A sacrifice based filter therefore stays open to everyone willing to pay the cost, which is precisely the property an open movement has to preserve. The point is not to rebuild the guild as it was. The point is to recover the one thing the guilds understood and we forgot: entry into a commons must cost something, or the commons dies. Because of AI spam, adaptation is no longer a question of whether, only of how. And the current answers, written policies and outright bans, are honor systems. There is no reliable way to detect whether a given patch was written by a model, a point raised in the comments under every one of the announcements above. Rules require detection. Sacrifices do not. A sacrifice does not ask what species wrote the code; it asks whether someone valued the contribution enough to carry a cost for it. This reframing also explains why open source never needed explicit filters before: the code itself was the sacrifice. Writing it by hand was costly, and the cost happened to purchase understanding along the way. Now that generation is free, the sacrifice has to move somewhere else. Where it moves, and what shape it takes, is an engineering question. For now, it is an open one. It would be a mistake to read any of this as a silly game. Automated traffic already makes up more than half of the web, and every trend points toward AI activity dwarfing human activity within a few years, in code, in text, in everything that moves through a network. The goal is not to keep AI out. Even a project whose contributions and reviews are entirely automated will need mechanisms against unbounded spam, because cost asymmetries do not care who exploits them. The goal is to bind cost and accountability back to throughput, whoever or whatever produces it. Sacrifice, trust, and skin in the game are not the inventions of cults. They are social patterns that have survived the test of time, and they have survived because they work. In the previous essay I wrote that breaking the cycle of centrally controlled networks demands protocols with specific properties, and I left those properties unnamed. Here is the first one. It is time to build protocols with skin in the game.