Open-source software underpins much of the digital world, yet a surprising number of critical programs are maintained by just one person. Josh Bressers, VP of security at Anchore, revealed that 7 million out of 11.8 million open-source projects have only a single maintainer, and half of the 13,000 most-downloaded NPM packages fall into this category. This fragility has long been a concern, but AI coding tools are now showing real promise in easing the burden. Greg Kroah-Hartman, maintainer of the Linux stable kernel, noted a sharp improvement in AI-generated security reports: "Months ago, we were getting what we called 'AI slop'... A month ago, the world switched. Now we have real reports." These tools are producing accurate, usable outputs that security teams across open-source projects are already relying on. Dirk Hohndel, Verizon's senior director of open source, believes AI tools will be capable of maintaining code with acceptable results by the end of the year. Ruby maintainer Stan Lo (st0012) has used AI for documentation, refactoring, and debugging, and wonders whether it could revive unmaintained projects. Projects like ATLAS (Autonomous Transpilation for Legacy Application Systems) are already helping modernize outdated code. However, legal questions remain, especially around whether AI-generated code based on open-source projects constitutes a derivative work, an issue that may soon land in court.

💡 NaijaBuzz Take

When Greg Kroah-Hartman says AI went from producing "slop" to "real reports" in a month, that means the tools are no longer just assistants—they're becoming credible contributors. This leap could ease the unsustainable load on solo maintainers of critical software, including systems Nigerian developers rely on daily. While AI won't replace core maintainers like Linus Torvalds, it may prevent collapse in overlooked but vital codebases. The real risk now isn't technical—it's legal, as courts will have to decide whether AI output based on open-source code breaks licensing rules.