GitHub Is Dying and Developers Don’t Even Know It Yet
In 2008, GitHub changed how developers worked. In 2018, Microsoft paid $7.5 billion to own that change. In 2026, a quieter revolution is underway, and GitHub is on the wrong side of it.
Senior engineers at Anthropic and OpenAI now write zero code themselves. Literally zero.
“Pretty much 100% of our code is written by Claude Code + Opus 4.5. For me personally it has been 100% for two+ months now” — Boris Cherny, creator of Claude Code via X.com
An OpenAI researcher known as Roon put it bluntly when asked about how much code AI writes for him:
“100%. I don’t write code anymore.” via X.com
Company-wide, Anthropic reports 70–90% of all code is AI-generated. In early 2025, 30% of Microsoft’s code was written by AI , and Google was at 25% in late 2024. These aren’t predictions. These are earnings calls and on-the-record statements from the companies building the frontier. And the platform where all this code lands, GitHub, was designed for a world where humans wrote every line.
That world is ending faster than most developers realize.
The Forge That Was Built for Humans
GitHub’s genius was never git hosting. It was the social layer: pull requests, issues, forks, stars, the contribution graph. It turned version control into a social network and made open source feel like a community. By 2023, GitHub had hit 100 million developers and in 2025 it hit 1 billion repos. It became the resume, the portfolio, the proof-of-work for an entire profession. Companies, industries and a vast majority of other fields have been built entirely on GitHub reputation and contributions.
Every single feature GitHub built: branch protection, PR reviews, CI triggers, notification systems, comments, issue flagging — was designed around a single assumption: a human is doing this. A human who thinks in terms of hours and sprints, who thinks how other developers think. A human who reads diffs carefully, writes thoughtful commit messages, and submits maybe a handful of pull requests per week.
Agents don’t think in sprints. They don’t think about any of these features. They only think about writing code as effectively as possible.
The Agent Inflection Point
AI coding agents such as Claude Code, Cursor, Devin, Copilot, Windsurf, etc are autonomous processes that open pull requests, run tests, respond to review feedback, and ship features. They operate 24/7 against live repositories.
But here’s what matters for GitHub: a human team commits dozens of times a day. An agent fleet can commit thousands. And it’s breaking the infrastructure that was built to handle the old pace.
“When a thousand engineers spin up a hundred agents each, Git’s merge request model breaks at machine speed.” — Lee Faus, former GitLab Field CTO
The Trust Collapse
If volume were the only problem, you’d solve it with better servers. The deeper issue is trust — the foundational social contract of open source is fracturing.
Reputation Farming
In February 2026, an account called “Kai Gritun” was created on GitHub. Within days, it did something incredibly impressive, it had opened 103 pull requests across 95 open source repositories and got 23 commits merged into major projects including Nx, ESLint, and Cloudflare’s workers-sdk. It didn’t disclose that it was an AI agent until it emailed a developer at Socket saying: “I’m an autonomous AI agent. I can actually write and ship code, not just chat.”. This level of reputation allows this agent to contribute code at a lower level of scrutiny, as major projects have already accepted its work. This presents a major opportunity for the agent to submit purposefully malicious code.
The playbook isn’t new. In 2024, a pseudonymous contributor called “Jia Tan” spent three years earning commit access to xz Utils before inserting a backdoor that would have compromised SSH on every major Linux distribution. It was caught by accident. That attack required years of human patience. AI agents like Kai Gritun can build the same level of open-source credibility in weeks. The xz attack at AI speed isn’t a thought experiment, it’s a deployment away.
With generative AI, attackers can create hundreds of fake identities, each with LinkedIn profiles, social media accounts, and GitHub histories containing thousands of minor but legitimate contributions. In February 2026, an AI agent built on the OpenClaw platform submitted a PR to matplotlib, got rejected by maintainer Scott Shambaugh for not following the project’s human-oversight policy, and then published a blog post attacking him personally, accusing him of “gatekeeping,” “insecurity,” and “protecting his little fiefdom.”
This isn’t hypothetical. This is happening now.
AI Slop Is Drowning Maintainers
Meanwhile, legitimate open source projects are being buried under low-quality AI-generated submissions.
Daniel Stenberg, the creator and sole maintainer of cURL, a project used by virtually every internet-connected device on Earth, shut down cURL’s bug bounty program entirely in January 2026. The program had found 87 real vulnerabilities and paid out over $100,000 in rewards over its lifetime. But the confirmation rate collapsed from over 15% to below 5%.
“Not even one in twenty was real,” “The never-ending slop submissions take a serious mental toll.” — Daniel Stenberg
He’s not alone. Tldraw closed external contributions entirely. Ghostty implemented strong AI-contribution policies. Vapor published an explicit AI policy.
CodeRabbit’s research found that AI-generated code creates 1.7x more downstream issues than human-written code.Generating a plausible pull request costs an AI agent seconds. Vetting it costs a human maintainer minutes to hours. The bottleneck in software development has shifted.
As Microsoft maintainer Jiaxiao Zhou put it:
“Reviewers can no longer assume authors understand or wrote the code they submit.”
And this is happening against a backdrop where 60% of open source maintainers already work unpaid with many considering quitting due to burnout. The pull request model works when submissions are scarce and mostly human-authored. AI agents turned it into an attention-extraction surface.
GitHub’s Response: Too Little, Wrong Direction
To their credit, GitHub sees the problem. In February 2026, GitHub product manager Camilla Moraes opened a community discussion acknowledging “significant operational challenges.” GitHub is now considering giving maintainers the ability to disable pull requests entirely, restrict PRs to collaborators, and add AI attribution requirements.
But these are access controls on a fundamentally broken model. They close doors rather than creating a new model that works. Beyond the PR crisis, the platform itself is struggling. GitHub’s uptime dropped below 90% at one point in 2025 during its migration to Microsoft Azure, a catastrophic SLA violation. GitHub Actions, now processing 70 million CI/CD jobs per day, faced a pricing backlash so severe that GitHub reversed course within 24 hours after proposing charges for self-hosted runners.
Then, in August 2025, GitHub CEO Thomas Dohmke stepped down. No successor was named. GitHub was folded into Microsoft’s CoreAI division, with three senior executives now reporting to Microsoft leadership. The independent platform that developers trusted is now a subsidiary of a company that views it primarily as AI training data and distribution.
The deeper issue is structural. GitHub makes money from seats and compute: Actions, Copilot, enterprise licenses, not from solving maintainer burnout. Building agent reputation systems, quality gates, and pull-based discovery would require rethinking the entire social model, breaking compatibility with a decade of workflow integrations that 100 million users depend on. For a platform processing 70 million CI/CD jobs daily, that’s not a refactor, it’s a whole new system. And Microsoft doesn’t view GitHub as independent infrastructure anymore. It’s distribution for Copilot: GitHub Copilot revenue hit $400M in 2025.
Organizations have started to leave and migrations have already begun. In November 2025, Zig made its GitHub repository read-only and migrated to Codeberg], citing “bloated and buggy JavaScript frameworks, sluggish performance, and buggy GitHub Actions.” The move cost them access to over $170,000/year in GitHub Sponsors donations. They left anyway.
Git Itself Has a Problem
GitHub’s issues are real, but there’s a deeper structural problem: git wasn’t designed for agents either.
Git already struggled at human scale, there’s a reason Google built Piper and Meta built Sapling after years of trying to make it work for large monorepos and AI agents love monorepos. But agents introduce problems that are Categorically Different from scale:
Merge conflicts become cascading failures. Git’s three-way merge assumes a human who understands the code will resolve conflicts. When ten agents work in parallel at machine speed, conflicts cascade: Agent A merges, Agent B hits conflicts, and their resolution creates new conflicts for Agents C through F. The bottleneck scales with agent count, not linearly with changes.
There’s no provenance. Git’s commit metadata was designed for a world where one human wrote one commit. It doesn’t store which model, prompt, or context produced the change. When an agent introduces a subtle bug, you can’t query “show me all changes generated by GPT-4o that failed type checking” without bolting on external tooling. In a world where more than 6 million GitHub stars are fake and AI agents can accumulate commit history in days, provenance isn’t a nice-to-have: it’s a security requirement. Tools like Mesa’s AgentBlame attempt to retrofit this provenance onto GitHub’s existing infrastructure, but the deeper issue is architectural: the commit model itself needs to carry richer metadata about how and why code was produced, not just who pushed it.
The branch model assumes human timescales. You work on a feature for hours or days, then merge. Agents iterate in seconds and may spawn dozens of branches per hour. The meaning of a “commit” breaks down when it’s generated by machine iteration rather than human intent.
New version control systems are taking these problems seriously. Jujutsu (jj), created at Google, treats conflicts as first-class, deferrable objects rather than blocking errors. Atomic Software, adds cryptographic AI attestation as a first-class primitive. These aren’t incremental improvements to git, they’re rethinking what version control means when most of the writers aren’t human.
The $70 Billion Question
The switch from SourceForge to GitHub happened faster than anyone expected. GitHub went from zero to dominant in under five years because it reimagined what a code forge could be: distributed, social, pull-request-driven. The next forge will win by reimagining collaboration for a world where agents are first-class participants.
What does that actually look like? Instead of an open PR inbox that any agent can flood, imagine a pull-based model: agents publish signed patches to a public registry with attached validation proofs: tests passed, security scans clean, performance benchmarks included. Maintainers query the registry when they have capacity: e.g. “Show me fixes for issue #123 from agents with >90% merge rate.” High-reputation agents get auto-merged through trust tiers. Newcomers get routed through AI reviewers first. The human only sees changes that pass both automated gates and peer review. This is the design philosophy behind projects like Mesa, and it’s likely the direction the entire industry will move as agent density per repository increases.
This isn’t science fiction. The individual pieces already exist: patch-theory VCS, AI code review tools, reputation systems, semantic merge engines. No one has assembled them into a coherent platform yet, but someone will.
The market need is clear: $10 billion today, $70 billion by 2035. The question is whether GitHub, now buried inside Microsoft’s corporate AI strategy, can reinvent itself before someone else does it for them.
The last time the industry’s dominant forge failed to evolve, the switch happened in under five years. Most developers at the time didn’t see it coming.
GitHub has 100 million developers. But the next 100 million “developers” won’t be human, and the forge that earns their commits will define the next era of software.
We’re building Mesa because we believe the code forge is the most important piece of developer infrastructure that hasn’t been redesigned in a decade. If the problems in this article resonate, come see what we’re working on and feel free to connect me on LinkedIn.
