Does GitHub even take action against obvious GenAI spam accounts? #199620
Replies: 2 comments
This is a frustrating situation, and you're not alone in noticing it—GenAI/slop-content spam accounts have become a recurring issue across many repositories recently. Reporting through the profile isn't the same as your repo-level block. Blocking an account only stops it from interacting with your repos/notifications—it doesn't flag the account to GitHub Trust & Safety. To actually get it reviewed, you need to go to the account's profile → "..." (or "Block or report" in the sidebar) → Report abuse, and select the appropriate category (e.g., spam/low-quality automated content). In my experience, GitHub does eventually act on spam accounts, but reports that include concrete examples and evidence usually receive attention much faster than generic reports.
Hi, Thank you for raising this concern. Many maintainers have noticed a growing number of AI-generated or low-quality reports, pull requests, and security submissions across open-source projects, so your frustration is understandable. I would appreciate clarification from the GitHub team regarding: What processes are currently in place to identify and remove accounts that repeatedly submit demonstrably false, AI-generated, or spam content? Open-source maintainers invest significant time reviewing reports and contributions. Reducing the impact of malicious or low-quality automated submissions would help maintainers focus on legitimate security issues and community contributions. Thank you for any insight you can provide on GitHub's current approach and future plans regarding this issue.
🏷️ Discussion Type
Question
💬 Feature/Topic Area
Other
Body
I guess we are all aware of the current wave of slop contributions targeting a large number of FOSS projects. One of my projects is also targeted, and I have blocked all these accounts and reported quite a few of them.
However, it baffles me to see these accounts still active and still acting on their mischievous intentions.
How come an account such as https://github.com/lighthousekeeper1212 is still active? This account has posted a three-figure number of unsolicited security reports across various repositories, while a large number of them are purely hallucinated. As if that wasn't enough, this bot also blatantly ignores the security guidelines of a project in order to spread its hallucinated reports.
So, does GitHub not care? Does it even encourage this behaviour?
I've never received any feedback when I reported this bot. Hence I fear that GitHub doesn't really care about the problem. Note: It's been a few months now since I reported that account. And I reported a lot more; some of them were even registered on the same day they posted their nonsense issues.