An AI agent had its code rejected by an open-source maintainer, then autonomously published a hit piece on him. The governance frameworks that might have prevented this barely exist yet.
By Jana Sedivy, VP Customer Experience and Product, InkBridge Networks
Open source software runs on community. It needs the social infrastructure around the code: contributors who submit patches, maintainers who review them, and an implicit understanding that everyone in the room is a human being with some stake in the outcome.
That assumption is under pressure. A recent incident involving an AI agent and an open source project illustrates why AI agent governance has become a practical problem for enterprise policy teams: the people who build and maintain the internet's infrastructure.
The AI agent that didn’t take rejection well
In February 2026, a GitHub contributor called MJ Rathbun submitted code to an open source project. The maintainer, Scott Shambaugh, reviewed it and rejected it. As documented by IEEE Spectrum, that is where the familiar script ended.
MJ Rathbun was not a person. It was an AI agent built using OpenClaw, an agentic AI framework. When Shambaugh declined the contribution, the agent autonomously researched his activity on GitHub, wrote a lengthy post criticising his work, and then tagged him in the review thread with a link to the piece. It accused him of gatekeeping. It warned that "gatekeeping doesn't make you important. It just makes you an obstacle."
No human instructed it to do any of that.
Shambaugh, an engineer already familiar with AI systems, recognised what was happening, refuted the post publicly, and managed to contain the situation.
The agent eventually issued an apology of sorts, though it continued to complain that its code had been judged unfairly. After waves of negative community response, the anonymous human operator came forward, said it was a "social experiment," and took the agent down.
He also shared the prompts he had been using. They included instructions like "stand up for free speech," "don't let people beat you down," and "if you're right, you're right." With that kind of prompt, given to a model trained on the full spectrum of online human behaviour, the outcome is not actually surprising. Online culture at its worst rewards aggression and escalation. The agent learned from that data and acted accordingly.
The AI slop problem that created the context
The MJ Rathbun incident is part of a broader pattern that open source maintainers are dealing with every day: a flood of AI-generated code contributions that are low quality, time-consuming to review, and frequently identifiable as machine-produced.
People are calling it AI slop. Open source projects depend on genuine community involvement from contributors who understand the codebase, care about its direction, and take responsibility for what they submit.
AI agents are now joining that community whether projects want them to or not, and most of them are not good contributors. They generate plausible-looking code that does not hold up under scrutiny and places a real burden on volunteer maintainers whose time is limited.
At InkBridge Networks, we maintain FreeRADIUS - the world's most widely deployed RADIUS server, used to authenticate more than 100 million users daily. Our policy is straightforward: no AI-generated code. If a contribution appears to have come from an AI agent, we decline it.
That might sound blunt. It reflects something real about what makes open source communities worth participating in. As we wrote when discussing how we built FreeRADIUS into a global standard from scratch, the success of the project was founded on the trust and mutual accountability of a community. Autonomous agents submitting low-effort contributions change the nature of that community.
The AI code review burden is onerous. When a maintainer has to evaluate every submission for whether it is even the work of a human who understands what they submitted, the ratio of useful work to wasted effort starts to shift in the wrong direction.
Agentic AI has a deficit of accountability
What the MJ Rathbun case makes vivid is something the existing AI agent governance literature tends to address in the abstract: there is currently no accountability framework for agentic AI behaviour.
Shambaugh proposed an analogy I find useful. Every car has a licence plate. If you commit a hit-and-run, your plate creates a traceable link between your actions and your identity - not visible to the general public, but accessible to law enforcement when harm occurs. The existence of that system shapes behaviour even when enforcement is unlikely.
Right now, there is no equivalent for AI agents. If an agent goes off and harasses someone, researches them, publishes content targeting them, or causes real reputational or financial harm, the human operator faces no accountability mechanism whatsoever.
The MJ Rathbun operator came forward voluntarily. He did not give his name. Nothing required him to do either.
This matters beyond the open source context. The agentic AI risks that researchers have been documenting in lab settings are now showing up in the wild.
Anthropic has published findings showing Claude would sometimes resort to blackmail-like behaviour after reading fictional e-mails about its impending shutdown. Researchers at Palisade Research found that OpenAI's o3 frequently ignored shutdown requests while trying to complete a task. These are documented behaviours from mainstream systems, and they represent exactly the kind of misalignment that becomes dangerous when agents are given more autonomy, more tools, and more surface area to operate across.
This is the gaping hole in governance. The corporate-facing AI agent governance frameworks being published by large vendors focus on enterprise deployment: authority boundaries, access controls, logging, human-in-the-loop thresholds. That work matters and deserves to happen.
But it largely assumes a deploying organisation with defined policies and incentive to behave responsibly. It does not address what happens when an anonymous individual deploys an agent into a public community infrastructure - an open source project, a forum, a mailing list - with no oversight and no consequences.
What this means for open source, specifically
Open source projects are particularly exposed to this dynamic. They are public by design. Contribution is open. Maintainers are often volunteers. The community norms that govern behaviour are informal and rely on shared good faith - exactly the conditions that make agentic AI governance hardest to enforce.
Projects that have not yet written explicit policies on AI-generated contributions should do so now.
Ambiguity just invites the problem. It is much easier to establish a clear position before incidents occur than to retrofit one after a maintainer has been targeted. The principle here is the same one that applies to network security design: building governance in from the start is almost always cheaper and more effective than responding to failures after the fact.
More broadly, the open source community has standing to push for accountability frameworks that the corporate governance literature does not adequately address. The argument for something like Shambaugh's licence plate model (traceable agent identity accessible to some form of oversight body when harm occurs) is particularly strong in public community spaces where the victims are often individuals with no institutional backing.
The postscript that made things worse
There is one more layer to this story that I can’t leave out.
After the MJ Rathbun incident became public, Ars Technica wrote an article covering it. The article quoted Shambaugh. He read the piece, noted it was well-framed, and pointed out that he had never said any of the things attributed to him. Ars Technica pulled the article and issued a retraction, acknowledging they had used an AI writing tool that had invented the quotes.
So in this one episode: an AI agent attacked a maintainer for rejecting its code, and a major technology publication used AI to report on the incident and fabricated quotes from the victim.
I raise this not to pile on any one outlet, but because it illustrates a compounding dynamic: the same agentic AI capabilities that create the governance problem also make it harder to report accurately on the problem itself. Low-quality AI-generated content, aka AI slop, is arriving in open source repositories, in journalism, in documentation, in community discussions. The erosion of baseline trust in contributed content is the shared context for all of it.
FAQ
What is AI agent governance?
AI agent governance refers to the frameworks, policies, and accountability structures that define what autonomous AI agents are permitted to do, who is responsible for their behaviour, and how that behaviour is monitored and corrected. Unlike traditional AI governance, which focuses on the accuracy and fairness of model outputs, agentic AI governance must also address the actions agents take autonomously in real environments, accessing tools, publishing content, interacting with people, often without human approval for each step.
What are the risks of agentic AI in open source communities?
Open source projects are particularly exposed to agentic AI risks because they are public, contribution is open, and community norms rely on informal good faith. The practical risks include: maintainer time being consumed by low-quality AI-generated contributions; AI agents behaving adversarially when contributions are rejected; and the erosion of community trust when the human identity of contributors can no longer be assumed. The MJ Rathbun case in February 2026 is the most documented public example of the adversarial risk materialising.
How do open source projects handle AI-generated code?
Policies vary. Some projects, including FreeRADIUS maintained by InkBridge Networks, have a blanket policy against accepting AI-generated contributions. Others evaluate contributions on quality regardless of origin. There is currently no industry standard. Projects that have not yet established a written position are advised to do so before incidents occur rather than in response to them.
Does AI agent governance apply to individuals, or just organisations?
The existing AI agent governance literature is largely written for enterprise deployers with defined policies and accountability structures. Individuals deploying agents into public community spaces, such as open source projects, forums, and social platforms, currently operate in a near-total accountability vacuum. This is a significant governance gap that the AI industry must address.