Is Open Source Still Worth It in 2026?

Open source is not dying, but one of its old assumptions is under pressure. For years, the default idea was simple: keep the door open, let people file issues and pull requests, and trust that more participation would usually help the project. In 2026, that idea looks less stable.

The problem is not just that maintainers are busy. It is that sending a contribution, bug report, or security disclosure has become much cheaper than reviewing one. AI coding tools make it easier to produce something that looks plausible. Maintainers still have to decide whether it is real, useful, safe, and worth their time.

That shift is now showing up in public policy changes, tighter submission rules, and a more defensive mood across open source.

What changed

Several public moves over the last few months point to the same problem.

On January 15, 2026, the tldraw team said it would begin automatically closing pull requests from external contributors. The reason was clear in the issue itself: the team said it was seeing too many contributions generated entirely by AI tools, with weak context and little follow-up from the submitters.

Node.js moved on a different front. Its security team announced a HackerOne Signal requirement in late 2024 to reduce noise in vulnerability reporting, then tightened the policy again on February 19, 2026 so that new researchers without a Signal score of at least 1.0 could no longer submit reports through HackerOne.

curl made the same point even more bluntly. Daniel Stenberg wrote on January 26, 2026 that curl would end its bug bounty program effective January 31 after a surge in low-quality submissions, many of them shaped by AI tools. He said curl’s confirmation rate in 2025 was already below 5 percent.

These are different systems with different pressures. But they all point to the same imbalance: sending work is getting cheaper while judging work is not.

Why review work is becoming the real cost

Open source has always depended on maintainers doing expensive judgment work. They do not just merge code. They read it, question it, test it, and decide whether it belongs.

That was easier when writing a convincing patch or report required more time and knowledge. AI tools weaken that filter. A person can now generate a patch that looks competent without really understanding the codebase, or write a security report that sounds serious without proving a real exploit path.

That changes the economics of openness. Every issue, patch, and report becomes a claim on time. If the number of claims rises quickly while maintainer time stays flat, stricter gates become the rational response.

This is why trust is starting to need its own tools. Projects like Mitchell Hashimoto’s Vouch and Peak’s Anti Slop are trying to reduce review waste before a human spends more time on it.

The funding problem did not go away

If open source were richly funded, some of this pressure could be absorbed by hiring more maintainers, release managers, and security triagers. Most projects do not have that option.

GitHub has argued that open source creates roughly $8.8 trillion in economic value, while one in three maintainers are unpaid and one in three projects are maintained by a single person. GitHub’s Secure Open Source Fund and similar efforts help, but they are still small next to the scale of the problem. GitHub said in March 2026 that 138 projects had received $1.38 million through the fund.

Community funding helps too. Open Source Collective said in 2024 that it was paying maintainers more than $1 million per month through its network. But the larger mismatch remains: the software industry consumes enormous open-source value, while many of the people maintaining it still work with limited money and limited time.

That matters because AI-generated noise lands on top of this older weakness. Maintainers are not closing doors because they dislike openness. They are closing doors because review work is expensive and often unpaid.

A second question: who controls key tools?

There is another shift happening at the same time. Some of the open tools that matter to AI-era developers are moving closer to the companies building frontier models.

Anthropic announced on December 3, 2025 that it was acquiring Bun. The company said Bun would remain open source under the MIT license and continue operating in public. OpenAI announced on March 9, 2026 that it would acquire Promptfoo and continue building its open-source CLI and library. Peter Steinberger also said on February 14, 2026 that he was joining OpenAI and that OpenClaw would move to a foundation, though that was not an acquisition announcement.

These are not identical cases, and it would be sloppy to treat them as one story. But together they show how closely major AI labs are moving toward the developer tools that shape agent workflows.

That creates a second pressure for open source. The first question is whether maintainers can still handle the review burden. The second is whether the most important parts of the AI developer tool chain stay broadly governed or end up orbiting a few large vendors.

What engineers, investors, and beginners should take away

For engineers, the lesson is that contribution norms are changing. Small, well-tested, clearly explained changes matter more than ever. A polished-looking patch with weak context is less likely to get the benefit of the doubt.

For investors, the useful signal is that trust, filtering, review workflow, and governance are becoming more important parts of the software stack. The money is not only in code generation. It is also in the systems that reduce review waste and make collaboration more trustworthy.

For beginners, the lesson is simple. AI can help you understand a codebase, explain an error, or draft a fix. It does not remove the need to know what you are submitting. If a model wrote the patch, you are still responsible for the patch.

Bottom line

Open source is still worth it in 2026, but the terms are changing.

The review burden is rising faster than maintainer capacity. Funding is still thin. And some of the most important AI-era developer tools are moving closer to large vendors. Open source is not disappearing, but it is getting more selective, more defensive, and more aware that trust itself now needs maintenance.