HeadlinesBriefing favicon HeadlinesBriefing.com

AI Code Flood Threatens Core Open‑Source Tool

Financial Times Companies •
×

The Internet’s silent backbone, cURL, was launched in 1996 and now underpins billions of daily requests. Its library, libcurl, sits in more than 20 billion installations, quietly guiding data from server to device.

Maintained by a community of 3 000 contributors, the project is run full‑time by Swedish developer Daniel Stenberg. Funding and notoriety have kept the code alive, but the project never owns a corporate umbrella. Stenberg’s role as sole paid maintainer highlights the fragile nature of many offence‑critical open‑source packages.

AI‑generated code has flooded pull‑request queues, overloading reviewers with low‑quality submissions. In January, Stenberg halted the long‑running bug‑bounty program, citing a “never‑ending slop” that drains mental resources and slows security fixes. The last major bounty paid $4,660 for a heap‑overflow flaw.

Forശ investors and product teams, the erosion of open‑source vetting threatens the reliability of downstream stacks. A single unpatched library can cascade into outages for thousands of applications, underscoring the need for robust maintenance models and transparent contribution standards.