AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
12 points by mtlynch
12 points by mtlynch
At every point in this article, intention is ascribed to LLM software tools. At no point does the author say "the human or humans who set this up did this".
The moneyshot:
But the Kai Gritun account doesn’t fit that pattern. Its PRs are getting merged. If your mental model is “agents generate slop,” this is a different story. It is plausibly useful work delivered quickly, by an agent that can submit at a high volume.
This is what will make it so effective at pulling off a supply chain attack. GitHub needs to change their policy and terms to require machine accounts to be labeled and actively flag accounts that seem to be AI bots.
I don’t see how this works. If GitHub blocks bot accounts (however they detect them) then people who want to do this will involve a human as the face of the effort.
At most, that slows the process a bit, but imho, doesn’t change anything. The bot still replaces a lot of human effort.
This is quite scary. Using AI agents to build up cred, and then eventually sneaking in Jia Tan in one of thousands of merged PR's. Maybe multiple AI agents first, for some months, to give people the impression that they're harmless.
I'm not anti-AI (anymore) but I think it's interesting to note that GitHub's responses to this are about reducing visual clutter in PRs rather than giving repo owners tools to detect and manage bot users in particular, which is what people are really asking for.
Of course, "Kai Gritun" could just as easily be a boiler room as an agent, if the goal is building a reputation upon which to get a backdoor into important code Jia Tan-style. Or a boiler room filtering agentslop to produce mergeable PRs. Depends on how much someone would be willing and able to spend on that kind of attack.