Open-source project Tldraw announces suspension of accepting external contributions due to overwhelming AI-generated junk code. Such “AI Slop” severely drains maintainers’ energy, and the community is exploring the establishment of reputation systems or escrow mechanisms to address this issue.
Overwhelmed by AI-generated content, open-source project Tldraw suspends external PRs
A popular open-source web drawing project on GitHub with over 40,000 stars, Tldraw, recently announced that it will suspend accepting pull requests (PRs) from external contributors.
Developer steveruizok pointed out that, like many open-source projects on GitHub, the team has recently observed a significant increase in contributions generated entirely by AI tools. Although some submissions are correct in form, most lack complete context, misunderstand the codebase, and the submitters rarely participate in discussions afterward.
steveruizok emphasized that an open PR represents a commitment from maintainers, meaning the contribution will be carefully reviewed and seriously considered for inclusion. To keep this promise meaningful, the team must implement stricter filtering.
Currently, Tldraw’s policy is to close all external PRs first, only reopening those that are genuinely considered. This is in the best interest of the project and code quality. Although it’s regrettable to close public contributions, steveruizok stated that they will only consider reopening once GitHub introduces better management tools.
Curl and OCaml also affected, AI Slop rampant
The decision to suspend pull requests at Tldraw is just one recent example of AI Slop (AI garbage) impacting the open-source community. Similar discussions have been heating up on Reddit and Hacker News forums.
A Reddit discussion pointed out that, Daniel Stenberg, maintainer of the well-known transfer tool Curl, revealed that the project is suffering from AI-generated erroneous reports being used in a “DDoS attack.” Approximately 20% of submissions in 2025 are AI garbage content, severely consuming volunteer maintainers’ time.
Additionally, OCaml maintainers have rejected a 13,000-line pull request generated by AI, citing that reviewing AI-produced code is more laborious than manually written code, and a flood of low-quality PRs could lead to system crashes.
Discussions on Hacker News focus on issues with GitHub’s mechanisms.
Some users believe that making PR counts prominent on the page encourages a culture of submitting for the sake of data.
The current dilemma with generative AI in open-source communities stems from many inexperienced developers using AI tools to generate worthless code, expecting maintainers to merge quickly. This behavior is damaging the collaborative trust within open-source communities.
Possible solutions: whitelist or reputation systems
In response to the harassment of garbage code (Shitcode) in open-source communities, Bitcoin developer Bryan Bishop (kanzure) responded on Tldraw’s GitHub page that he had proposed to the Bitcoin Core development team to “privatize” the development process, shifting to a model limited to invited members or requiring whitelist inclusion to post comments and PRs.
Although this might violate the spirit of Bitcoin’s openness, Bryan Bishop believes that it can effectively reduce noise and useless debates caused by non-contributors, allowing developers to focus on the technical aspects and prevent valuable attention from being diverted by malicious or invalid interactions.
Besides privatization, software engineer Steve Rodrigue also suggests establishing cross-project contributor reputation systems, verifying account value through trust networks.
Another developer is working on a blockchain-based “Stake-to-PR” protocol, requiring submitters to pay a small deposit, which is forfeited if the content is deemed AI garbage, and fully refunded if it is a valid contribution. The goal is to raise the barrier to curb AI abuse.
Further reading:
AI content flood! Web3 Dictionary names “Slop” as the 2025 Word of the Year, sparking heated discussions in the tech community
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
CertiK: In March, it recorded 46 security incidents, with total losses of about $39.8 million
CertiK reports that in March 2026 there were 46 security incidents, with total losses of approximately $39.8 million, the highest monthly number since November 2024. Security incidents increased in the fourth quarter of 2025 and the first quarter of 2026, and the occurrence of code vulnerability exploits is linked to the rise of artificial intelligence.
GateNews5h ago
ZachXBT: Circle’s compliance enforcement has been inadequate; multiple security incidents involve amounts exceeding $420 million
On-chain investigator ZachXBT published a report stating that since 2022, Circle has repeatedly failed to properly carry out compliance in multiple incidents involving illegal funds, with amounts totaling more than $420 million. The report notes that in several security incidents, Circle did not freeze suspicious accounts in a timely manner, leading to severe losses. Despite having relevant mechanisms, Circle responded slowly when facing attacks and investigations into money laundering, which affected industry security.
GateNews7h ago
Here's what 'cracking' bitcoin in 9 minutes by quantum computers actually means
Google's Quantum AI team said earlier this week that a future quantum computer could derive a bitcoin private key from a public key in roughly nine minutes. The number ricocheted across social media and spooked markets.
But, what does it actually mean in practice?
Let's start with how bitcoin
CoinDesk18h ago
Japan’s Financial Services Agency Issues a Network Security Reinforcement Policy for Crypto Asset Exchange Businesses
The Japan Financial Services Agency has issued “Policy Guidelines for Strengthening Cybersecurity for Crypto Asset Exchange Businesses and Related Entities,” with the aim of strengthening investor asset protection. It proposes a three-layer security framework to address the new landscape of cyberattacks. In subsequent plans, it will conduct penetration testing on major operators and revise the guidance to raise security standards.
GateNews19h ago
HypurrFi is suspected to have suffered a domain hijacking incident; the project team urges users to pause using the official website
DeFi lending protocol HypurrFi issues a security warning, saying that its website domain has been compromised. It urges users not to use that domain and to pause interactions. The team confirms users’ funds are safe and is investigating the domain hijacking incident.
GateNews22h ago
Elon Musk's X to Auto-Lock Accounts Posting Crypto for First Time
X is implementing a new feature that auto-locks accounts with their first crypto post to combat phishing attacks. This aims to reduce the misuse of hijacked accounts for scams while enhancing user security.
Coinpedia04-03 17:37
