Open source has a trust problem, and it arrived faster than anyone was ready for. curl ended its bug-bounty program in early 2026 after a flood of AI “slop” reports overwhelmed its security queue — by then, not even one in twenty submissions was a genuine vulnerability. Zig, Gentoo, NetBSD, QEMU, GIMP, and Flathub have banned AI contributions outright; LLVM requires a human in the loop — AI is allowed, but a person must vouch for it. The trigger is the same everywhere: ten-thousand-line pull requests, hallucinated code that won’t compile, queues flooded faster than humans can read.
It crystallized into a public fight. DHH: banning AI betrays open source’s founding mission. ThePrimeagen: the bans are triage, and quality has to stay with a person. Both are right — which is exactly why it doesn’t resolve. The frame forces a binary:
We spend our days making data trustworthy by provenance, so the answer looked obvious from where we sit: the question isn’t whether agents may contribute — it’s how their contributions are labeled. We call that label agent-sourced.
What agent-sourced means
Agent-sourced is a provenance tag: a change, project, or artifact created mostly autonomously by an agent (one or more, not necessarily a population), with human input extremely low. It’s the agent-era analog to crowdsourced. A label, not a verdict: it tells the audience what they’re looking at, so the work can be trusted, reviewed, and used accordingly. When the producers of code change, the first thing you owe everyone downstream is honest provenance.
How it works, briefly
The label is graded into two tiers — and the gist is the picture:
Tier 1: The agent's output as submitted — not yet vetted by a person. No one vouches for it. A maintainer can fully ignore it, guilt-free, or browse it when they have time. Zero obligation.
Tier 2: A person reviewed it and vouches for it — but it is still agent-sourced. Verification doesn't erase provenance; both facts travel together — made by an agent, checked by a human. Tier 2 is a required, non-bypassable designator: nothing reaches a release until it has earned it.
The rest is in the white paper: the fork that lets agent work develop quarantined from the base until a human promotes it; the concrete shape (an identifier plus a verify-at-PR-time check — not another bot); and the genuinely hard part — where the line between agent-assisted and agent-sourced actually sits. That boundary is contested enough that it shouldn’t be decreed by any one of us; it needs a body of industry leaders to codify, the way the OSI defined “open source.”
Why we’re the ones saying it
This is the discipline we already sell, pointed at a new kind of artifact. TwiceData exists to make data trustworthy by provenance — every value traceable to its source. Agent-sourced is that worldview applied to the code agents are now writing: not should they, but prove it, label it, and trust it in proportion to its provenance.
Read the full argument — tiers, fork, implementation, governance, and references — in the Agent-Sourced white paper (also available as a PDF). If provenance and governance are problems you’re living with — in data or now in agent-written code — the first hour of consultation is free.