nader dabit(@dabit3):Super interesting story that shows how the current state of @github is unable to protect open source maintainers from AI spam at any meaningful scale. @archestra_ai put up a $900 GitHub bounty. AI accounts blew the issue up to 253 comments and proceeded to flood the entire repo with untested PRs. Their fix was a contributor whitelist hack: go through and pass onboarding, then a GitHub Action authors a commit as you so GitHub lets you back in. GitHub needs better anti-bot and anti-spam mechanisms so people don't have to build these types of mechanisms themselves.

2026.05.18 20:06

Super interesting story that shows how the current state of @github is unable to protect open source maintainers from AI spam at any meaningful scale. @archestra_ai put up a $900 GitHub bounty. AI accounts blew the issue up to 253 comments and proceeded to flood the entire repo with untested PRs. Their fix was a contributor whitelist hack: go through and pass onboarding, then a GitHub Action authors a commit as you so GitHub lets you back in. GitHub needs better anti-bot and anti-spam mechanisms so people don't have to build these types of mechanisms themselves.