Open Source Under Attack

By Chris Short

In March 2022, when the US Federal Reserve System ended its Zero Interest Rate Policy, or ZIRP era, interest rates began rising, marking the end of the “cheap money period.” Almost all major tech companies conducted layoffs in the following months, citing various economic pressures, including higher borrowing costs. This shift significantly impacted open source contributors across multiple projects. Combined with the recent AI boom period, where AI has undergone a dramatic shift in the enterprise arena from a nascent technology to an indispensable tool, maintainers and organizations are being forced to rethink their processes and procedures for the AI era.. The impacts on open source software communities are unfolding right before our eyes, demanding coordinated responses rather than isolated reactions.

A Shrinking Safety Net for Open Source

Major technology companies that have historically been pillars of open source support have not been immune. Companies like Meta, Google, Amazon, Microsoft, and many others have all executed substantial workforce reductions, citing economic pressures including rising interest rates and shifting market conditions.. These companies are among the largest contributors to open source projects globally. This has sent shockwaves across open source communities, as contributors have lost time to contribute upstream, been forced to deprioritize open source work altogether, or have lost their jobs entirely.

The level of effort required by the remaining open source contributors and maintainers has increased, prompting communities to explore more tooling and collaborative approaches rather than relying on individual heroics. When large tech companies reduce headcount and tighten their budgets, the ripple effects extend far beyond their walls, affecting the entire open source ecosystem. Open source communities are feeling that pain every day. Thinner budgets result in fewer sponsorships, fewer events, and reduced open source funding. Projects that relied on corporate sponsorship or employees with allocated time for open source contributions suddenly find themselves needing to pool resources and diversify their support base to survive.

AI: A Collective Challenge Requiring Unified Standards

The AI challenge shows us why individual project responses fall short in the face of increasing usage of AI tools. Open source maintainers across different projects are witnessing waves of AI-generated contributions that fail to meet community standards or come from contributors with no history in the project. This shared problem demands shared solutions:

  1. AI-generated pull requests add to the already overworked contributors’ and maintainers’ workload, as the requests still have to be triaged — a burden that should be made easier through shared filtering tools and standards.
  2. If a contribution is considered a good starting point, a process to onboard the new contributor takes place before it is accepted. However, these contributions often come from individuals who are not regular attendees at community meetings or are difficult to contact for various reasons, underscoring the need for community-wide frameworks to triage requests to merge code into a project.
  3. A contribution may require additional work, and if not immediately accepted, the request creator may not respond, thereby prolonging the triage process. Individual projects repeatedly encounter the same AI-generated patterns, but shared knowledge could significantly improve developers’ experiences.

By pooling knowledge about these specific AI-generated patterns, maintainers can quickly identify likely time-wasters without dismissing legitimate contributions, whether they come from regular contributors or someone fixing a bug they just encountered. The focus stays on pattern quality, not specific contributor history.

While maintainers across projects face these same AI-generated patterns regularly, no formal initiative exists to document and share this knowledge. The open source ecosystem needs a collaborative effort to create a shared repository of AI contribution patterns and effective responses. Not all AI-generated code is bad, of course, but there is some risk when accepting it as the origins are unknown.

Strengthening Open Source: Solutions for Companies and Individuals

The challenges facing open source today — from economic pressures to the complexities introduced by AI — require more than awareness. They demand action. Fortunately, there are clear, concrete steps that companies and individuals can take right now to strengthen the vitality of open source communities.

For companies

  • Treat open source as a strategic investment, not a discretionary spend. Just as organizations dedicate resources to cybersecurity or compliance regardless of the market cycle, open source contributions should be protected from routine budget cuts. This can include allocating a fixed percentage of engineering or R&D budgets to upstream contributions and project support.
  • Report and celebrate contributions publicly. Transparency builds trust with both internal stakeholders and the wider community. Annual or quarterly reports highlighting contributions — from code to documentation and community engagement — set a positive example and encourage further participation.
  • Support non-code contributions. Many critical gaps in open source projects lie outside code: governance, security reviews, release engineering, and documentation. Funding or assigning staff to these areas often delivers an outsized impact and helps maintain project health.
  • Champion clear AI licensing standards. As AI adoption accelerates, companies can support the development and adoption of transparent, community-driven definitions and integrate these standards into procurement and risk frameworks.

For individuals

  • Engage beyond code. Improving documentation, mentoring new contributors, participating in governance discussions, or simply helping triage issues are all invaluable contributions. Even small, consistent efforts can strengthen a project’s resilience.
  • Advocate internally. Share success stories and highlight dependencies on open source within your organization. Help leadership understand the long-term value of upstream engagement.
  • Contribute to community discussions on licensing and AI ethics. By participating in a project, individuals can help shape more transparent and sustainable practices.

For the ecosystem

  • Collectively support shared infrastructure. Joining or donating to neutral organizations and sustainability funds can stabilize critical projects and reduce single points of failure. Organizations like the Open Enterprise Linux Association (OpenELA), founded by CIQ, Oracle, and SUSE, show how companies can pool resources and work together to support long-term, community-driven access to critical project source code. Alliances like these help mitigate the risks of single-vendor control in ways that complement the work of project-oriented foundations.
  • Promote shared definitions and standards. The broad adoption of open source standards will help developers set clear expectations and reduce fragmentation across the industry.

The Path Forward

At the intersection of post-ZIRP economics and AI’s challenges lies both a crisis and an opportunity for open-source communities. On one hand, traditional funding models are under severe stress, corporate contributors are reducing their involvement, and the sustainability crisis that was already acute has become critical. Open source powers the systems we all use every day, which means keeping it healthy is a shared responsibility. Companies, governments, developers, and users all have roles to play in ensuring the survival of open source.

Decisions made by companies, maintainers, and policymakers in the coming years will determine whether open source emerges from this transition stronger and more sustainable or whether critical projects will continue to operate on the edge of collapse, held together by the goodwill of overworked volunteers. The stakes could not be higher, and the time for half-measures has passed.

Whether a company, individual, or part of a larger ecosystem, by moving from passive consumers to active stewards, we can ensure open source remains a vibrant, reliable foundation for innovation, regardless of the technical and governance challenges that lie ahead.

The Featured Blog Posts series highlights posts from partners and members of the All Things Open community leading up to ATO 2025.