Open source game engine Godot tightens AI rules as backlog strain mounts
AI tools may be used for limited tasks like code completion, but ‘vibe coding’ is no longer allowed… maintainers do not want to talk to a machine.

Godot logo eating AI. Image by Cybernews.
- Godot game engine is tightening contribution rules after AI-generated code overwhelms maintainers and creates backlog strain. This affects how open-source projects manage community contributions.
- The project will require contributors to write their own code and understand it, limiting AI tools to minor assistance only. Godot says this protects quality and reviewer workload.
- Maintainers report rising “AI slop” submissions, making review work more time-consuming and mentally draining. This highlights sustainability challenges in open-source development.
- Similar issues are affecting other software projects, with some reducing or pausing vulnerability reports. This shows wider industry tension around AI-generated submissions.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
Massive amounts of AI-generated code contributions are increasing backlogs at Godot. So much so that the company’s development team can no longer ignore it. To reduce maintainers' workload, Godot is updating its contribution policy, including a stricter policy on AI contributions.
The developer of the open-source game engine is happy with the increased number of code contributions, or pull requests (PRs). It’s a sign that people are truly dedicated to improving the open-source game engine’s performance.
However, it has a downside as well: it causes the number of backlogs to increase because the number of qualified reviewers is limited.
“This reviewer shortage was already a problem, but it was one that we successfully ignored,” Godot explains in a recently published blog post.
According to the developer, the increased number of AI-generated contributions only made things worse, to the point that it’s considered “demoralizing.” That’s why Godot has decided to implement stricter rules for new contributors.
“It is time for us to recognize that these problems aren’t going away and therefore we need to take steps to reduce the burden on maintainers while ensuring we still have a pipeline to mentor new contributors to become future maintainers,” the foundation states.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Under the new rules, contributors are expected to write their own code so they fully understand the changes they submit. AI tools may still be used for limited mechanical tasks, such as code completion, but autonomous AI agent use or vibe coding is no longer allowed.
In addition, discussions about contributions can’t be handled by AI agents or chatbots – they have to be handled by humans.
“When our maintainers volunteer their time to review your issue, PR, or proposal, they do not want to talk to a machine. This is a basic principle of respect,” the developer says.
The stricter contribution policy has yet to be formally implemented. But the underlying message is clear: vibecoders and AI agent users are no longer welcome.
Last month, the National Cyber Security Centre (NCSC) said we should embrace vibecoding in detecting security flaws, but at the same time, not blindly trust code generated by AI tools.
“The risk isn’t in using AI. The risk is failing to apply the right safeguards when the stakes are high. It’s about recognizing that different code deserves different levels of care and oversight,” the NCSC explained.
Check if your data has been leaked
Yet, complaints about AI-generated “slop” aren’t exactly new. Curl lead developer Daniel Stenberg recently said that the number of AI-generated vulnerability reports has increased significantly in recent months to the point that he announced a break, pausing all vulnerability reports for July 2026.
“The never-ending slop submissions take a serious mental toll to manage and sometimes also a long time to debunk. Time and energy that is completely wasted while also hampering our will to live,” Stenberg explained.
In April, Nextcloud admitted it was being flooded with worthless AI-generated reports. Because of this, the company decided to end its bug bounty program.
“Like many other software projects, we have been receiving an increasing number of generic AI security reports via platforms such as HackerOne for some time now. This makes it difficult for us to identify high-quality reports. Our aim is to reduce the number of low-effort AI-generated reports and focus on what really matters,” the cloud service provider said.