{"slug": "github-is-becoming-a-giant-ai-code-dump", "title": "GitHub Is Becoming a Giant AI Code Dump", "summary": "GitHub has 630 million repositories, with nearly half of all new code written by AI, but developer trust in AI code dropped from 77% to 60%. Carnegie Mellon University found 6 million fake stars, and CodeRabbit reported AI code has 1.7x more critical issues than human code, with 45% containing OWASP Top 10 vulnerabilities. A randomized trial showed AI users were 19% slower but believed they were 20% faster, while open-source projects like curl, Ghost, and Tailscale are banning AI-generated contributions due to quality concerns.", "body_md": "# GitHub Is Becoming a Giant AI Code Dump\n\nBy MAREF Engineering\n\nGitHub has 630 million repos. Nearly half of all new code is written by AI.\n\nSounds like a productivity explosion, right?\n\nBut there's another number in that same report: developer trust in AI code dropped from **77% to 60%**. More people are using it. Fewer people believe in it.\n\nAnd it gets worse.\n\n## Half the projects you see are fake\n\nCarnegie Mellon University found **6 million fake stars** on GitHub. Security firm Socket uncovered **370,000 \"fix stars\"** directly tied to scams. That vibe coding project with thousands of stars? Probably half are fabricated.\n\nThat's not even the scary part.\n\nCodeRabbit scanned 470 PRs. AI-written code had **1.7x more critical issues** than human-written code. **45%** of AI code ships with OWASP Top 10 vulnerabilities. **63%** of developers say fixing AI code takes longer than writing it from scratch.\n\nBut here's the most mind-bending finding.\n\n## You're getting slower, but you have no idea\n\nMeter ran a randomized controlled trial. The result: AI users were actually **19% slower**, but they thought they were **20% faster**.\n\nWhen they showed the participants the data, *they still insisted they were faster.*\n\nThat's the real horror. 
You're getting slower, and you have no idea.\n\n## Open source is drowning in garbage PRs\n\nLook at what major projects are doing:\n\n- **curl** — shut down its 7-year bug bounty program. AI-generated bug reports: only **5%** were real. The rest was noise.\n- **Ghost** — outright banned AI-submitted code.\n- **Tailscale** — went further: closed all external PRs. AI or not, doesn't matter anymore.\n- **GitHub itself** — building a \"PR kill switch\" so maintainers can one-click disable external submissions.\n\nOpen source isn't being destroyed by hackers. It's being drowned to death by garbage AI-generated PRs from vibe coders.\n\n## Garbage in, garbage out\n\nHere's the most ironic part of the whole chain:\n\nYou ask AI to write code → AI searches GitHub for references → It finds code written by other AIs → Garbage in, garbage out. What do you think comes out?\n\nGitHub used to be a code repository. It's turning into a giant AI code dump.\n\n## The problem isn't AI. It's governance.\n\nAI writing code isn't the problem. The problem is: **nobody is auditing what AI does.**\n\nThe core premise of vibe coding is \"accept everything AI generates — don't review, don't modify.\" That works for a TODO app. For production code, it's planting time bombs.\n\nBut asking humans to review AI code line by line isn't realistic either. If 63% of devs say fixing is slower than writing, reviewing is even slower.\n\nThe real solution isn't \"stop using AI\" or \"review everything manually.\" It's **automated governance between AI code and production**:\n\n- **Every tool call is audited** — every file change, every API call, cryptographically signed and recorded.\n- **Dangerous actions are blocked** — delete database? modify production? First pass through a 4-level decision tree. 
97% auto-resolved, 3% escalated to human review.\n- **Security policies evolve** — every false positive, every bypass attempt feeds back into the governance engine.\n- **Formal verification** — not \"we hope this is safe.\" Mathematically provable convergence toward safety.\n\n**That's MAREF.** The open-source agent governance operating system. Brakes, seatbelts, dashcams, and a tireless security reviewer — for your AI agents.\n\n## Governance isn't a speed bump. It's what lets you go fast safely.\n\nUngoverned AI code doesn't go faster. It just crashes faster.\n\nThe projects banning AI submissions — curl, Ghost, Tailscale — aren't anti-AI. They're saying the same thing: **\"We welcome AI assistance. We won't accept garbage without quality control.\"**\n\nMAREF is that quality control layer. Not between you and AI. Between garbage code and your production environment.\n\nYou can still vibe code. You can still have AI write your code. But before it deletes your database, someone will stop it.\n\n**You're getting slower? No. You're finally seeing what you're actually shipping.**\n\n*📊 Sources: GitHub Octoverse Report, Carnegie Mellon fake star study, Socket security report, CodeRabbit 470 PR analysis, Meter RCT trial, curl/BT/Ghost/Tailscale official announcements. MAREF is an open-source agent governance operating system. 
Get started in 5 minutes.*", "url": "https://wpnews.pro/news/github-is-becoming-a-giant-ai-code-dump", "canonical_source": "https://maref.cc/en/blog/vibe-coding-crisis/", "published_at": "2026-06-24 08:21:59+00:00", "updated_at": "2026-06-24 08:43:17.052204+00:00", "lang": "en", "topics": ["artificial-intelligence", "ai-safety", "ai-ethics", "developer-tools", "ai-agents"], "entities": ["GitHub", "Carnegie Mellon University", "Socket", "CodeRabbit", "Meter", "curl", "Ghost", "Tailscale"], "alternates": {"html": "https://wpnews.pro/news/github-is-becoming-a-giant-ai-code-dump", "markdown": "https://wpnews.pro/news/github-is-becoming-a-giant-ai-code-dump.md", "text": "https://wpnews.pro/news/github-is-becoming-a-giant-ai-code-dump.txt", "jsonld": "https://wpnews.pro/news/github-is-becoming-a-giant-ai-code-dump.jsonld"}}