RFC: Create AI policy

[pombredanne]

Context

AI is all around us and not always for the better, far from it.
We see a deluge of new contributions enabled by AI that have lowered the barrier to contribute dramatically.

Problem

AboutCode repos have roughly between 100 and 150 PR and issues contributed in the last 2 months that feel like entirely vibe coded or mostly AI-generated.

There are several issues we must consider:

• AI-generated code and content may not be copyrightable or may commonly be borrowed from open source code used in LLMs training, without any attribution and credits or license
• AI-generated content is mostly bland, conventional, flat and lacks susbtance
• The human time it may take to review a machine-generated contribution is not worth the efforts of the maintainers, as it may require asymmetrically more efforts on our side to sort out human from machine-generated contributions. Machine-generated are a sort of Distributed Denial of Maintainer Services on our projects. They are subtly and superficially looking acceptable, and even pass the tests sometimes, but are in many cases not understood by their contributors and a serious tech debt if merged.
• We are a community of people, and working with or for AI agents is not what we signed up for or want to foster. Eventually I am warming up to the ASF moto of community over code.
• We receive support from orgs like NLnet and they have an AI policy for the projects they support that we must take into consideration
• We cannot grow a community of contributors if our merge queues are flooded with machine-generated contributions

Left unchecked, our current dev envt with our repos, issues trackers, and pull requests which are our primary community communication and exchange vehicles are at risk of collapsing.

Solution

Therefore we must put in place a proper AI policy to avoid the destruction of our community and projects, one that privileges contributions from real persons over most machine-contributions.

We need also to evolve tools and approaches to consistently deal with the current and future issues, and ensure that aspiring contributors understand our policies and ethos https://en.wikipedia.org/wiki/Ethos .

Some existing reference:

• @ashleywolf acknowledging this as a serious issue for GitHub https://github.blog/open-source/maintainers/welcome-to-the-eternal-september-of-open-source-heres-what-we-plan-to-do-for-maintainers/
• @bagder removing curl from bug bounties because of AI issues https://hackaday.com/2026/01/26/the-curl-project-drops-bug-bounties-due-to-ai-slop/ (he recently stopped by our workshop at https://workshop.aboutcode.org/ to talk about it)
• NLnet AI policy https://nlnet.nl/foundation/policies/generativeAI/
• @mitchellh AI policy for ghostty https://github.com/ghostty-org/ghostty/blob/main/AI_POLICY.md
• matplotlib AI policy https://matplotlib.org/devdocs/devel/contribute.html#restrictions-on-generative-ai-usage
• matplotlib's @scottshambaugh woes at https://theshamblog.com/an-ai-agent-published-a-hit-piece-on-me/ also reported by @sethmlarson https://sethmlarson.dev/automated-public-shaming-of-open-source-maintainers

[pombredanne]

I like this policy https://github.com/ghostty-org/ghostty/blob/main/AI_POLICY.md

[scottshambaugh]

At matplotlib we've been looking at the LLVM AI policy as a good reference: https://llvm.org/docs/AIToolPolicy.html

[pombredanne]

@scottshambaugh Thanks! That's handy. I've read your "AI adventures" with amusement and consternation!

I see also this policy emerging from LLVM's https://discuss.scientific-python.org/t/proposal-for-scipy-to-adopt-the-same-ai-policy-as-sympy/2230

FWIW, the LLVM's policy source is at:

• https://github.com/llvm/llvm-project/commits/main/llvm/docs/AIToolPolicy.md

The commit message at llvm/llvm-project@18695b2 and PR llvm/llvm-project#154441 are interesting for background:

[docs] Add human-in-the-loop policy for tool-assisted contributions (#154441)
Over the course of 2025, we observed an increase in the volume of
LLM-assisted nuisance contributions to the project. Nuisance
contributions have always been an issue for open-source projects, but
until LLMs, we made do without a formal policy banning such
contributions. However, LLMs are here, so we are adopting this policy,
abbreviated as "human in the loop", which requires that every
contribution has a human author attesting to the value of that
contribution, and that it is high enough quality that it is worth the
time it takes to review the contribution.

This policy evolved over time based on community input from the
following Discourse threads and a few area team and LLVM project council
meetings:

• Our AI policy vs code of conduct and vs
  reality
• [RFC] LLVM AI tool policy: start small, no slop
• [RFC] LLVM AI tool policy: human in the
  loop

@rnk @maflcko @hubert-reinterpretcast thanks for all the work there and in LLVM as this helps a lot

[pombredanne]

See also Gentoo's policy: https://wiki.gentoo.org/wiki/Project:Council/AI_policy which sounds pretty extreme, but is also about two years old, from 2024-04:

It is expressly forbidden to contribute to Gentoo any content that has been created with the assistance of Natural Language Processing artificial intelligence tools. This motion can be revisited, should a case been made over such a tool that does not pose copyright, ethical and quality concerns.