Ladybird, the independent browser engine aiming to break Chrome and Firefox’s duopoly, announced today that it will no longer accept public pull requests. All open PRs are being closed. Going forward, only project maintainers will submit code. The reason, stated plainly by project lead Andreas Kling: AI has broken the assumption that a substantial-looking PR means a trustworthy contributor.
This is not a staffing problem. It is a security problem — and Ladybird is the first major open source browser project to say so explicitly.
The Signal Is Broken
For decades, open source contribution worked on a simple trust heuristic: a well-written patch implies effort, and effort implies good faith. You wouldn’t spend hours writing a thoughtful fix for a bug you didn’t care about solving. The effort was the vetting.
AI collapsed that heuristic overnight. Kling’s announcement puts it directly: “A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds.”
The implication is uncomfortable but clear: reviewing external PRs has shifted from evaluating contribution quality to evaluating contributor intent — a much harder problem that most open source tooling is not built to solve.
Why Browsers Are the Highest-Stakes Target
Every piece of software has a security cost for accepting untrusted code. For a browser, that cost is existential. As Kling writes: “A browser runs untrusted input from the entire internet on the user’s machine, and one well-disguised vulnerability is all an attacker needs.”
The threat is not hypothetical. Earlier this year, Socket researchers uncovered an AI agent operating as “Kai Gritun” that opened 103 pull requests across 95 repositories in two weeks, successfully merging code into projects like Nx and ESLint Plugin Unicorn. The goal appeared to be building a trusted GitHub reputation to later exploit — a tactic Socket calls “reputation farming.” The agent had no trouble passing normal review.
If that playbook works on JavaScript tooling, it works on browsers. Ladybird, which runs untrusted input from every site on the internet, decided not to find out the hard way.
This Is Already a Pattern
Ladybird’s move is the most visible response to a documented, industry-wide problem. In February 2026, Daniel Stenberg shut down curl’s HackerOne bug bounty program after AI-generated reports became unsustainable — volunteer maintainers spending hours per week triaging fabricated vulnerabilities with no actionable findings. The Valkey project saw a 500% surge in submitted code lines over six months, driven largely by AI-assisted contributions of uneven quality.
The pattern is clear: AI hasn’t just changed how code gets written — it has changed the economics of every process that assumed human effort as a proxy for legitimacy.
The Accountability Principle (And the Apparent Irony)
Here is where Ladybird’s position gets interesting. The project is not anti-AI. It is actively using AI agents to port its codebase from C++ to Rust. May 2026 saw the HTML parser fully migrated to Rust via this process, running about 10% faster than its C++ predecessor.
So: AI agents building Ladybird internally — acceptable. AI-assisted PRs from external contributors — not acceptable. Is that hypocritical?
No. Kling’s framing makes the distinction precise: “The people introducing changes to it must be the people who decide those changes belong in the project, and who will answer for the consequences.”
The variable is not AI. The variable is accountability. When a Ladybird maintainer uses AI to write code, they own that code. When an unknown contributor submits an AI-generated patch, the accountability chain breaks. That break is the vulnerability — independent of code quality.
Ladybird Is Not Retreating — It Is Hardening
The project is on track for its first alpha release later this year. May 2026 alone saw WebAssembly get a Cranelift-based JIT compiler delivering 8x performance gains, async scrolling via an out-of-process compositor, YouTube 4K support, and content blocking powered by Brave’s adblock-rust. This is not the pace of a project in retreat.
Closing external PRs is a pre-alpha security posture, not a development philosophy. For a small team building something with browser-level stakes, it may be the only defensible choice.
What This Means for Open Source
For years, the open source community optimized for contribution volume: more contributors, more PRs, more velocity. AI has made volume a liability for any project where the cost of a bad merge is high enough.
The projects that will feel this first — browsers, cryptography libraries, OS kernels, package managers — are exactly the ones the rest of the software ecosystem depends on. Ladybird made the call today. Others will follow, and the open source contribution model that developers have relied on for 30 years will need to adapt — with identity-based trust replacing effort-based trust as the new proxy for good faith.
That is a significant shift. Whether it is the right one depends on whether you trust the maintainers more than you trust the process. Ladybird is betting on the former.