Data, Myths, and What Leaders Must Do Now
Stormy Peters
A note before we begin
Stormy Peters · LF Member Summit · February 2026
My initial theory was partially right — but the reality is more nuanced.
The Canary in the Coal Mine
Devices running cURL globally
Global internet infrastructure estimate · Source: UN verified
Maintainers
The core team behind cURL, securing critical infrastructure.
"Taking care of this lot took a good while… none of them identified a vulnerability."
— Daniel Stenberg
Bug Submissions
In 16 Hours
cURL Bug Bounty Program:
Terminated.
6 years · $86,000 in payouts · February 2026
"The main goal is to remove the incentive for people to submit crap… we need to do something to prevent us from drowning."
— Daniel Stenberg
84% of Developers Now Use AI Tools.
GPT, Claude, and Gemini are now standard fixtures. Source: Stack Overflow Developer Survey 2025
Usage is ubiquitous. Trust is scarce.
function processUserData(data) {
  const userId = data.user_id;
  const accountStatus = data.status;
  // ... complex logic ...
  return { id: userId, status: accountStatus };
}
Subtle, critical logic error: userId is exposed in the response
Developers frustrated by solutions that are "almost right"
Say debugging AI code takes MORE time than writing it
Expectation vs Reality · METR Study · Experienced OSS Maintainers
Predicted Speed
(Experts)
Actual Speed
(Measured)
"If I am the dedicated maintainer… there is no way agent mode can do better than me."
— Dedicated OSS Maintainer, METR Study participant
Randomized Controlled Trial with 16 experienced OSS maintainers.
Human-only PRs vs. AI-co-authored PRs · CodeRabbit Analysis · 470 Open Source PRs
The Pre-Existing Condition
"I have debts, a full-time job, a young family… I have already sunk thousands of hours into this project."
— Anonymous OSS Maintainer Survey Respondent
Section
How the open source community is fighting back against AI-generated noise.
The Response
Expressly forbidden to contribute content created with Natural Language Processing AI tools.
of all commits use AI
Claude users disclose their AI use
disclose AI use
GitHub Copilot users disclose
Source: The AI Attribution Paradox: Transparency as Social Strategy in Open-Source Software Development
The Response
AI-Generated
Code
Policy alone can't solve this. We need to change how we use, support, and value open source.
Asking a bot and pasting the result. No understanding. No verification. No ownership.
Stenberg praised Joshua Rogers for using AI-assisted tools to find a massive list of real bugs.
The difference? A clever human driving the tool.
"It used to be that we could mark GitHub issues as 'good first issue' and ambitious young engineers would show up… Now we file something as 'good first issue' and in less than 24 hours get absolutely inundated with low quality vibe coded slop that takes time away from doing real work. This pattern of 'turning slop into quality code' through the review process hurts productivity and hurts morale."
— Craig McLuckie, CEO of Stacklok
Editorial Crisis
of developers use AI to learn new skills
(Up from 37% in 2024 · Stack Overflow 2025)
AI is a powerful tutor. It helps junior developers onboard and understand complex systems faster.
A tool for learning, not a replacement for knowing.
Section
Practical actions for leaders, maintainers, and contributors.
Action
Good documentation helps everyone navigate your project — and gives AI tools the context they need to be useful rather than harmful.
Action
Action
Nolan Lawson maintains blob-util — a small JavaScript utility. With 80%+ of developers using AI, they'd just ask an LLM to generate blob utilities instead of finding a library.
weekly npm downloads
AI may silently eliminate the small projects that grew the next generation of maintainers.
The question
Discussion