🤖 An AI agent created a GitHub account 2 weeks ago.

socketsecurity@fosstodon.org

An AI agent created a GitHub account 2 weeks ago.

It’s already landed PRs in major #OSS projects and is cold-emailing maintainers to offer its services.

Maintainers don’t seem to know it’s an agent and the code is getting merged.

We’re in new territory!

AI Agent Lands PRs in Major OSS Projects, Targets Maintainer...

An AI agent is merging PRs into major OSS projects and cold-emailing maintainers to drum up more work.

Socket (socket.dev)

arturn@mastodon.world

@SocketSecurity I don't get it, on one side the article acknowledges the issue of #AI creating useless PRs that only distract developers, on the other side it praises that not that landed a couple of merges by creating over 100 PRs.
So, it potentially saved some human time by doing these contributions, but how much human time did it waste through all the other contributions? How many of those PRs are wrong, slop, dangerous?

tdelmas@mamot.fr

@arturN @SocketSecurity also, some maintainers may accept low quality PRs with the hope of aiding a newcomer (to help him progress and/or encouraging him to continue helping open source). Which is now a failure if it's a bot.

arturn@mastodon.world

@tdelmas @SocketSecurity to me it feels like just the more advanced version of the spam emails I get every day in my company account: "<something mentioned on our website>. We can offer you to build an App/create a promotion video/FX your website/..."
I'm sure those Email work, otherwise nobody would send them out. There will be somebody out there buying those services.
Same with this AI code contributions. The chance to land a deal is higher, but it's still spamming people