There is now a “slopware” list on Codeberg cataloging FOSS projects that have used AI in any capacity—not adopted it necessarily, just used it. The entries are often absurd: one older commit reportedly listed a project because “the dev learned something from Claude once.” It’s not about code quality or security concerns, it’s about chastising and othering people for daring to open a chat window.
As if developing FOSS was not thankless enough already lol.
Some people are now refusing to use any “slopware” at all. A recent example: rsync’s developer fixed long-standing security issues that kept getting reported by people who used AI. So, he used AI to find the bugs, fixed them himself, and then also used AI to update the unit tests based on his particular needs for the tests rsync needs.
The fixes he pushed introduced regressions in implicit behavior that had never been made explicit before. The security updates broke these behaviors, and so for a handful of people rsync stopped working.
The thing is, if you have two users with a very particular edge case and one million users without it, and all face the same security vulnerabilities, who takes precedence? Security issues need to be fixed. That’s not really negotiable.
The weirdest part about people suddenly jumping ship because there’s “AI” is that FOSS devs make no money from user engagement. Whether one person or one hundred thousand use their software means the exact same to them. A few people jumping ship will not hurt sales figures or sponsors… it’s all very capitalistic in understanding.
Anyway, rsync is a segue to the real problem: security. When the bugs were introduced in the new rsync, there was outrage. People started recommending openrsync, or forked rsync from before there were mentions of AI in the commits.
As the rsync maintainer pointed out though, openrsync fails most of the tests that rsync uses. A test is basically “does the software do this particular thing correctly: yes/no”. The fact that openrsync fails tests that rsync doesn’t means that:
- it doesn’t have feature parity,
- it might not work for your particular use case, and
- it doesn’t fix the critical security issues the AI pointed out that rsync fixed.
This is where we are at today. You can open any agentic interface, put five dollars of credit on DeepSeek or whatever else, download the git repo and tell the AI: “find security vulnerabilities.” That is all you need to do. It will also helpfully write you a script that exploits the vulnerabilities it found.
This is why rsync had to push the security update. The problems were real, and the maintainer kept getting flooded by reports that any old joe found with their AI.
So okay, openrsync doesn’t use AI. That means it doesn’t correct security bugs that will take an AI fifteen minutes to find. It will probably never even know about these vulnerabilities unless someone is kind enough to report them on the repo, and they do fear getting put on the slopware list for committing the unforgivable sin of patching a vulnerability in their software.
If I were a hacker… I would target that slopware list (thanks for listing software that is easy to exploit btw). I would send an agent on it, find vulnerabilities that I know the maintainers will not be able to patch because they refuse to use AI to find the patterns, and then hack whatever I can with what I find.
I am far from the first person who has thought of that, I can confidently say that much.
The rsync vulnerabilities were there for twenty years. It’s just that they were so improbable to figure out that nobody did in those twenty years. AI does not work like a person. It can ingest your entire codebase and connect patterns. It doesn’t tire out either. Once it finds a thread, it can pull on it forever, trying all sorts of different ways to activate the vulnerability.
The people that forked rsync to “before the AI slop” are basically saying: “yeah, there are security vulnerabilities that everyone knows about in this fork.”
I would compare it to a firewall. A firewall prevents machines from connecting to your computer when they should not be allowed to. If you do not have a firewall, any machine can try connecting to you. Refusing to use a firewall because of some purity statement, e.g. “but I feel like hackers should not be allowed to just connect to my home computer. Before we had the internet they could not do that, so why should I change?”, is basically advertising free parking to everyone. Hackers use new methods, and you need to match those methods.
It’s not theoretical either. In May 2026, researchers found they could escalate privileges to root on any Linux machine in just ten lines of Python. They partially found it with AI. Ten lines of Python is something a “helpful” forum user can add to the end of a cracked software file they’re uploading for you and you wouldn’t even catch it.
Yes, vulnerabilities have always existed. But what AI does is allow anyone to find really improbable, deeply-buried vulnerabilities. And having a list of software that “does not use AI,” and using that software, is basically saying “come hack me.”
I don’t mean to make you paranoid about the software you use. Vulnerabilities are being exploited all the time, and it’s a game of cat and mouse where hackers find a method, and security researchers patch that method. You won’t even always have the latest patches.
What I’m saying rather is that actively refusing to use software that used AI is basically digging your own security grave. It’s like refusing to use a firewall, or refusing to move on from Windows XP.
I mean, the “slopware” repo even admits some of this:
Name: espeak-ng. Alternative to consider: espeak
¹espeak may be considered heavily outdated and very bad from a modern standpoint.
Amazing.


That’s so cool you were able to overcome on the reminder app design with the help of AI.
I think this kind of thing can really be a game-changer in the right contexts. The barrier of having to hire a software engineer, or a team of them (and just the limited resources of it), is going to mean a lot of nuances of requests that people have are just logistically unsound. It kind of makes me think of modding in video games in that way. Modding (for games that are easier to mod due to their design) removes a lot of barriers for people making little tweaks that customize the game more to their liking and with less technical knowledge needed to do it.
The right use of AI is arguably similar in a way, like in the app example you gave.
Exactly. I do think for any given software team or product, it is going to be a question how useful AI will be in their particular pipeline with their particular product. But that’s more a logistical question, which I’d imagine will relate to things like how easily you can get the AI to navigate that particular unique codebase and so on. As long as you have an approval process, you can, as you say, prevent it from committing bad code. Just as you’d do with a code review of a teammate.
Capitalism tends to lead to “enshittifying” as that one person coined the term, so that definitely can happen with or without AI in the picture.
Time is a funny thing to me with gen AI. Because gen AI can be pretty bad with actual numbers sometimes, whether it’s time or other ways they factor in. But it runs on a computer, which is on the underlying level far better and faster at numbers than humans are. So like, the token by token probability nature of it can cause it to screw up numbers, but it’s running on a thing that’s incredible at numbers.