In some ways I'm starting to enjoy this. Do you remember the 419 scams? 'Hi, I'm a Nigerian prince named Michael Jordan. Give me $50 so I can buy some chemicals to clean a bunch of money I secretly stowed away and I'll send you $5000.' People actually used to fall for that. Of course some people probably still would (and a lot more certainly gets blocked by spam blockers) but I think overall society grew less substantially less gullible over time.

But in general I think most people still remain excessively gullible and naive. Social media image crafting is one of the best examples of this. People create completely fake and idealized lives that naive individuals think are real. Now with AI enabling one to create compelling 'proof' of whatever lie you want, I think more people are becoming more suspicious of things that were, in fact, fake all along.

---

Going back to ancient times many don't know that Socrates literally wrote nothing down. Basically everything we know of him is thanks to other people, his student Plato in particular, instead writing down what he said. The reason for this was not a lack of literacy - rather he felt that writing was harmful because words cannot defend themselves, and can be spun into misrepresentations or falsehoods. Basically - the argumentative fallacies that indeed make up most 'internet debates', for instance. Yet now few people are not aware of this issue, and quotes themselves are rarely taken at face value, unless they confirm ones biases. People became less naive as writing became ubiquitous, and I think this is probably a recurring theme in technologies that transform our abilities to transfer information in some format or another.

> There’s already more human produced content in the world than anyone could ever hope to consume, we don’t need more from AI.

Even if you think the harms of AI/machine generated content outweigh the good, this is not a winning argument.

People don’t just consume arbitrary content for the sake of consuming any existing content. That’s rarely the point of it. People look for all kinds of things that don’t exist yet — quite a lot of it referring to things that are only now known or relevant in the given moment or to the given niche audience requesting it. Much of it could likely never exist if it weren’t possible to produce it on demand and which would not be valuable if you had to wait for a human to make it.

I think we should start calling LLM-generated data 'dis-content'.

Creating a email/messaging protocol to solve spam, which can also be used to solve LLM generated spam pull-requests because pull-requests are also a form of messaging and have the same characteristics.

Check this profile for the email if you wanna ask for more info or get updates.

Edit: To the people downvoting this, what have you done to help solve the spam problem that will be made worse by LLMs?

I personally am more afraid of not the exact opposite, but more that AI will cause us to have too little content more than we will have too much. I just notice with myself how much less I’m using Wikipedia or forums, and get my answers from OpenAI or Antrophic. From what I remember it’s a over 20% drop in Wikipedia traffic from monthly 2022 vs 2025.

Large Language Models cannot think but they can self correct. You can think but clearly have some serious problems self-correcting your wrong assumptions. Who is smarter then?

Doubly interesting (and relevant to this discussion) is that it was an AI code review tool that detected the issues with the PR

One of these days I need to make a bot that scans FOSS repos for this kind of little pink nonsense behavior.

The insecurity of wanting to call a place "country name, province of different country name" should alone be mocked. Imagine, "Ukraine, province of Russia," or "India, colony of The United Kingdom." Absurd on its face.

> to invest a lot more in testing and evals

I don't think this will work. The same arguments could have been said to mitigate junior devs' work or short timeline/high stakes project technical debt and rarely ever anyone listened

I disagree. I think there’s a near future where this is true, but we’re still at the point where you can cut down on a lot of spam/slop by rejecting the class of LLM-generated content as a policy.

That might be a contributing factor to this problem. the means to produce these bogus reports are integrated directly into so many dev tools nowadays.

Is there a way to ban specific users in your GitHub project?

(I prefer GitLab, I'm sure if it had projects that are as popular it would be similarly inundated.)

I haven’t seen anything obvious, even including the other repos where I look through issues a lot.

Maybe it’s only the really popular and buzzword-y repos that are targets?

In my experience, the people trying to leverage LLMs for career advancement are drawn to the most high profile projects and buzzwords, where they think making PRs and getting commits will give them maximum career boost value. I don’t think they spend time playing in the boring repos that aren’t hot projects.

At first, I thought "wow, this project has been inactive for some time and this PR is quite large". The use of emojis should have tipped me off :)

https://github.com/photo/frontend/pull/1609

AI slop attacks on the cURL project : https://www.youtube.com/watch?v=6n2eDcRjSsk

Everything is collapsing toward a low-trust default. At the end of this trajectory, we rediscover that the analog world becomes valuable precisely because it can't be infinitely replicated.

Authenticity becomes the foundational currency.

But everyone must master AI tools to stay relevant. The brilliant engineer who refuses AI-generated PR by principle will get replaced. Every 18-24 months, as capabilities double, required skills shift. Specialization diminishes. Learning velocity becomes the only durable advantage. These people cannot learn new tricks.

Those who cannot question their assumptions cannot self-correct and will be replaced. The future belongs to the humble, the fluid, and the resilient. 60% of HN users is going toward a very tough time, and I am being very charitable with this assumption.

AI seems like a rerun of the Eternal September problem that eventually killed internet news groups and a lot of email discussion lists.

> I have a simple rule: whenever I receive an issue or PR from an unfamiliar account, I skim the text and/or code and post 1-2 quick questions. If the submitter responds intelligently, then the issue warrants a more in-depth investigation. If not, the submitter clearly doesn't think that the issue is worth following up on, so it's not worth my time, either.

And if the submitter responds with "Great question! ...", what then? :D

That's a reasonable first step, but a human can just as well feed your questions to the LLM, and post the responses. So you really have to be vigilant throughout your interactions with the author, or, if the PR is unsalvagable, save yourself some time and effort and reject it from the start.

> I'd rather talk with an intelligent LLM

There's no such thing.

What good does having integration tests and linters do when triaging issues? When trying to figure out if a bug report is hallucinated or not?

> I have an issue with low quality slop whether it comes from a machine or from a human.

It's very hard for a human to mask a low-quality PR as thought it were reasonable quality. It is incredibly easy for an LLM to do it (in fact that is precisely what they are trained to do).

In addition, when I see a low-quality PR, I try to mentor the submitter. That doesn't make sense to do for LLMs (the submitter might not even bother reading my comments).

> and have guidance like AGENTS.md files that tell coding robots how to be successful in the repo.

If none of the maintainers use such tools, why is it our responsibility to maintain documentation to appease them (in the hopes of reducing spam)? A policy limiting their use is much simpler to write and requires less maintenance.

Seems about right.

> I can see a future in our lifetimes where a significant amount of our capital expenditure and energy consumption is used, quite simply, to produce garbage.

If you squint your eyes right at the shelves at Target or in the Amazon delivery trucks, or honestly just look around you most anywhere, you may not have to wait for the future to see it.

If I could find a way to turn LLM training into some sort of proof of work crypto mining I could cut the energy use in half!

Considering how energy intensive generative content is, there is a good chance that it is already becoming a sizable share of energy use for the internet.

Humans are far more effective at producing garbage than LLMs will ever be :)

I assume any LLM contributions are uncopyrightable at best or copyright infringement at worst. Either way, I don't own the copyright.

In order to avoid a potential future where I lose the copyright due to being unable to show a substantial portion is human authored, I try to keep track of what is AI authored and what is human authored.

From a copyright perspective, right now accepting LLM contributions feels like playing with fire, at least for closed source projects.

Copyright in the context of LLM's is kind of weird. It doesn't explicitly copy others code but it does lean heavily on the structure of it. Is it evidence of copying prior work or is it fair use? Alas, we don't really have any legal bearing that can handle this yet.

If it is copying prior work, then you are right that there would be a lot of cross licensing bleed through. The opposite is also true in that it could take proprietary code structure and liberate it into GPL 3 for instance. Again what is the legal standing on this?

Years back there was a source code leak of Microsoft Office. Immediately the Libre office team put up restrictions to ensure that contributors didn't even look at it for fear that it would end up into their project and become a leverage point against the whole project. Now with LLM's it can be difficult to know where anything comes from.

I completely agree, but it seems that our industry has decided to turn a blind eye to it. They might even get away with it -- the recent rulings around fair use with regard to Facebook and Anthropic's unrepentant copyright violations[1] was particularly galling to me.

Almost all of the projects I work on require you to sign the Developer Certificate of Origin[2] (which attempts to protect projects from people submitting code that they know cannot be licensed under the project's license), and in my view LLM code you submit does not fulfill the requirements of the DCO. Unfortunately, it seems nobody actually cares about this either.

[1]: https://www.debevoise.com/insights/publications/2025/06/anth... [2]: https://developercertificate.org/

copyrighting software to begin with was always laughable.

That's just stupid.

IF you want LLM code reviews, there are bots for codex, copilot, claude etc that plug straight into Github PRs and review the code automatically.

Some of them are actually useful, some just plain wrong and some are subtly wrong and you need to spend some time figuring out whether it's right or wrong :)

IMO it's still a net positive because LLMs tend to pick up really weird subtle errors that humans easily gloss over.

Alas this is an issue of LLM generated code. Increased productivity but lessened understanding. If you can increase productivity while also increasing understanding then that will be a decent middle ground.

All comes down to accountability.

If people can't make a good (PR, story, or whatever) without AI, they certainly can't do it with AI, because using the AI is strictly more difficult - it requires all the original skill, plus the skill to work around the AI's quirks.

This is arguably isomorphic to Kernighan's Law:

> Everyone knows that debugging is twice as hard as writing a program in the first place. So if you’re as clever as you can be when you write it, how will you ever debug it?

You're being downvoted but I think I get what you're getting at.

When I was doing my masters a few months ago, I would get my assignments rejected whenever I didn't run them through Grammarly first.

I have nothing against Grammarly, it's a useful too, but I find that it has the tendency to reject things that (as far as I can tell) are still technically correct but don't have the "AI vibe" to it. I suspect that the graders are running things through Grammarly themselves and rejecting anything that it rejects. This is probably going to become increasingly more common as time goes on.

It's hardly the worst thing in the world, but I do think it will lead to the only "accepted" writing being extremely plain and formulaic.

I think it’s disrespectful of others to throw generated code their way. They become responsible for it and often donate their time.

I would potentially accept it (although you should not lie about it, and if someone says in their policy that they specifically do not want this then you should not send it), although for my own projects, there are reasons (having to do with the way the version control is set up) that I cannot accept direct contributions anyways, and I usually make my own changes to any contributions anyways (but anyone else can make their own copy with their own changes however they want to do, whether or not I accept it). Since it is honest, and that you had reviewed it by yourself before submitting it, and also tested it, and that I would review it again anyways as well, it would be acceptable, although I would still much more prefer to receive contributions that do not use LLM, still the way you do it is much better than the other stuff some by LLM which does not meet the threshold of being acceptable.

If I were the maintainer, and you specified up front that your PR was largely written by an LLM, I would appreciate it. I may prioritize it lower than other PRs, perhaps, but that's about it.

I think it's also important to disclose how rigorously you tested your changes, too. I would hate to spend my time looking at a change that was never even tested by a human.

It sounds like you do both of these. Judging by the other replies, it seems that other reviewers may take a harsher stance, given the heavily polarized nature of LLMs. Still, if you made the changes and you're up front about your methodology, why not? In the worst case, your PR gets closed and everybody moves on.

They don't want your contribution, so don't disrespect them by trying to make it.

> I can't imagine that any policy against LLM code would allow this sort of thing, but I also imagine that if I don't say "this was made by a coding agent", that no one would ever know. So, should I just stop contributing, or start lying?

If a project has a stated policy that code written with an LLM-based aid is not accepted, then it shouldn't be submitted, same as with anything else that might be prohibited. If you attempt to circumvent this by hiding it and it is revealed that you knowingly did so in violation of the policy, then it would be unsurprising for you to receive a harsh reply and/or ban, as well as a revert if the PR was committed. This would be the same as any other prohibition, such as submitting code copied from another project with an incompatible license.

You could argue that such a blanket ban is unwarranted, and you might be right. But the project maintainers have a right to set the submission rules for their project, even if it rules out high-quality LLM assisted submissions. The right way to deal with this is to ask the project maintainers if they would be willing the adjust the policy, not to try to slip such code into the project anyway.

> [append] Getting a lot of hate for this, which I guess is a pretty clear answer. I guess the reason I'm not receiving the "fuck off" clearly is because when I see these threads of people complaining about AI content, it's really clearly low-quality crap that (for example) doesn't even compile, and wastes everyone's time.

I think you don't deserve the downvotes and, if you really do what you say you do, that's the ONLY way to use LLMs for coding and contributing to opensource software, or to a company's software. Sadly, the vast majority of LLM users don't and will never use it like that. And while they can get fired for being useless monkeys in a real company, they will keep sending PRs to opensource software, so that's clearly a different scenario that needs a different solution.

"should I stop doing this thing that people are explicitly saying they don't want me to do or should I keep doing this thing that people are explicitly saying they don't want me to do???"

[dead]

I think OP wanted to have a proof that the submitter can demonstrate understanding of both the system and the code in the PR. So how would a guidance solve that? Also OP didn't want to ban them I believe

If you plan to accept LLM contributions then a lot more effort will have to be spent on reviewing them.