AI-assisted software development has evolved from simple line-level autocomplete to agents capable of planning changes, editing files, and submitting pull requests with minimal human supervision. However, open-source software development still rests on processes designed for human contributors: contributor agreements, codes of conduct, and review norms all assume a legally accountable individual who can attest to provenance and respond to reviewer queries. Autonomous and semi-autonomous AI contributors challenge these assumptions, and the record of agent-driven incidents, AI-generated nuisance volume, and platform-level shutdowns during 2025-2026 indicates that this gap is operationally significant.
Several open-source organizations have responded with contribution policies, but the results are fragmented, and their alignment with emerging AI governance frameworks (EU AI Act, NIST AI RMF with the UC Berkeley Agentic AI Profile, ISO/IEC 42001 and 23894) remains uncharted at the contribution level. We compare policies across six organizations (SymPy, LLVM, matplotlib, OpenInfra, the Apache Software Foundation, and the Linux Foundation) using Most-Similar Systems Design with indicator-based coding and process tracing for SymPy and LLVM. This leads us to derive a six-dimensional taxonomy (disclosure, responsibility, human oversight, licensing, enforcement, maintainer workload), an ordinal Policy Maturity Score, and a mapping of documented agent incidents onto the dimensions each policy fails to govern.
Aligning the dimensions with the regulatory frameworks reveals overlapping gaps that neither side currently addresses. We conclude by outlining the shape of a harmonized tiered framework and the empirical evaluation needed to calibrate it.
Blogger's Review: This article offers a profound exploration of the governance challenges posed by AI in open-source software development, particularly concerning legal accountability and policy alignment. As technology rapidly advances, the open-source community must build a more flexible and effective governance framework to ensure compliance and transparency for AI contributors.