AI-Generated Bot Spam Overwhelms GitHub Repository with Thousands of Identical Pull Requests
Key Takeaways
- An open-source repository was targeted with over 7,400 spam pull requests, likely generated by AI bots
- The attack demonstrates how autonomous AI systems can be misused to disrupt collaborative development platforms
- GitHub and the open-source community need stronger defenses against coordinated AI-generated spam and abuse
Summary
A popular open-source GitHub repository, pedroslopez/whatsapp-web.js, has been flooded with thousands of spam pull requests allegedly generated by AI bots. The repository shows over 7,400 open pull requests, a dramatic spike that appears to be coordinated automated activity rather than legitimate contributions. This mass submission of identical or near-identical PRs represents a significant disruption to the project's development workflow and highlights growing concerns about AI-generated spam plaguing open-source platforms.
The incident underscores vulnerabilities in GitHub's abuse prevention systems and raises questions about the responsibility of AI companies and developers deploying autonomous agents. Open-source maintainers, who typically volunteer their time, now face the burden of filtering through thousands of spam submissions to identify legitimate contributions. This type of attack could discourage community participation and strain the sustainability of critical open-source projects.
- Maintainers of popular projects face increasing operational burden from malicious automation
Editorial Opinion
This incident exposes a critical blind spot in the AI era: while we celebrate the productivity gains from AI-assisted development, the flip side—weaponized bots flooding collaborative platforms—requires urgent attention. Open-source projects, which form the foundation of modern software, are increasingly vulnerable to low-cost, high-volume spam attacks. Without stronger platform-level protections and clearer accountability for bot operators, we risk undermining the trust and sustainability of the open-source ecosystem.


