Open Source Endowment Fights AI Slop With Permanent Fund

A new 501(c)(3) nonprofit backed by the creators of curl, Vue.js, and HashiCorp is building the world's first permanent endowment for open source as AI-generated junk submissions push maintainers to the breaking point.

Open source is under siege. Not from a hostile government or a patent troll - from the very AI tools that were supposed to make software development faster. As automated code generators flood projects with junk pull requests and fabricated vulnerability reports, a group of the ecosystem's most prominent builders is trying to fix a related but older wound: the chronic underfunding that makes maintainers so vulnerable in the first place.

The Open Source Endowment (OSE) formally achieved 501(c)(3) status last month with $717,000 in commitments from 95 founding donors. The goal is $100 million over seven years - structured not as a grant pool that gets depleted, but as a permanent endowment that invests its principal and distributes only the returns.

TL;DR

  • The Open Source Endowment is a new 501(c)(3) nonprofit targeting $100M to permanently fund critical OSS infrastructure
  • Backers include creators of curl, Vue.js, Nginx, HashiCorp, Supabase, ClickHouse, Pydantic, and n8n
  • It operates like a university endowment - principal is invested, only ~5% annual returns go to grants
  • The launch comes as AI-created "slop" submissions are forcing major projects to close their doors to outside contributions
  • 86% of open source contributors receive zero compensation; 95% of codebases depend on open source components

The Crisis Behind the Launch

Decades of Structural Underfunding

The funding problem is not new, but it keeps producing the same shock moments. OpenSSL - the cryptographic library that secures roughly two-thirds of all HTTPS traffic - was earning under $2,000 per year when the Heartbleed vulnerability was discovered in 2014. A dozen maintainers were sustaining infrastructure that hundreds of millions of people relied on, for roughly the cost of a monthly coffee budget.

According to OSE data, 86% of open source contributors currently receive no compensation. 95% of commercial codebases depend on open source components. The gap between the value extracted and the compensation provided has never closed.

Previous attempts to address this - the Linux Foundation's Alpha-Omega project, GitHub Sponsors, Open Collective - have made real dents. But they all share a structural weakness: they depend on recurring donations that can dry up, corporate budgets that get cut during downturns, and project visibility that favors the famous over the critical.

AI Slop Is Making Everything Worse

Layered on top of the funding crisis is a newer, sharper problem. Vibe coding - using AI agents to generate and submit code with minimal human review - has created a flood of low-quality contributions that is eating maintainer time at scale.

The data points are stark. Daniel Stenberg, creator of curl, shut down the project's long-running bug bounty program after AI-generated submissions reached 20% of total reports and the overall validity rate of incoming reports dropped to just 5%. He told The Register: "Useful vulnerability reports went from 15% to 5% because AI users just focus on grab quick cash bounties rather than contributing meaningfully."

[Photo: Daniel Stenberg, creator of curl, speaking at NDC Security Oslo 2026.] Daniel Stenberg, creator of curl, terminated the project's bug bounty program in early 2026 after AI submissions overwhelmed legitimate security reports.

Mitchell Hashimoto, founder of HashiCorp and creator of the Ghostty terminal emulator, went further - he banned all AI-produced code submissions from Ghostty outright. Steve Ruiz, creator of the tldraw whiteboard library, set his repository to auto-close all external pull requests after discovering that even his own AI scripts were creating flawed issues.

GitHub's own 2026 open source report described the pattern as "a denial-of-service attack on human attention" - 36 million new developers joined GitHub in 2025, many using AI tools to produce contributions, but the number of people taking on maintainer and ownership roles stayed flat.

The result: more noise, same signal capacity.

# From cURL's contributor stats (2024 vs 2025)
Valid bug reports:     2024: 15%  →  2025: 5%
AI-generated reports: 2024:  2%  →  2025: 20%
Bug bounty payouts:   2024: $47K →  2025: $0 (program terminated)

As our security audit of AI coding tools found, AI-created code is not just noisy - it carries real vulnerabilities. That same problem is now playing out at the contribution layer.

How the Endowment Works

The University Model

OSE founder Konstantin Vinogradov structured the endowment after academic institutions - specifically US university endowments, which have successfully preserved capital for centuries.

The mechanics are straightforward: all donations go into a permanent principal that's invested in a low-risk diversified portfolio. OSE targets a 5% annual spend rate - roughly what Harvard and Yale distribute from their endowments each year. The principal itself is never touched.

At $100 million principal, that yields $5 million per year in grants, permanently. At $10 million - the current realistic near-term target - you get $500,000 per year.

The contrast with existing models is significant:

| Funding Model | Longevity | Predictability | Principal Preserved |
|---|---|---|---|
| GitHub Sponsors | Indefinite but volatile | Low | No principal |
| Linux Foundation Alpha-Omega | Annual budget cycle | Medium | No principal |
| Open Collective | Project-by-project | Low | No principal |
| Corporate grants | Budget cycle dependent | Low | No principal |
| OSE Endowment | Permanent | High (investment returns) | Yes |

Who Is Behind It

[Photo: GitHub Octocat figurine in front of a laptop with a GitHub profile page.] GitHub reported 36 million new developers joined the platform in 2025, but maintainer headcount stayed flat - creating a growing imbalance between contribution volume and review capacity.

The founding donor list reads like a who's who of foundational open source infrastructure. Creators and founders from the following projects have committed:

  • curl - Daniel Stenberg (the same maintainer who just killed the bug bounty)
  • Vue.js - Evan You
  • Nginx - Co-founder participation
  • HashiCorp - Mitchell Hashimoto (also the Ghostty maintainer)
  • Supabase - Paul Copplestone (CEO)
  • ClickHouse - Founding team involvement
  • Pydantic - Samuel Colvin
  • n8n - Automation platform founders
  • Elastic, Gatsby, Spotify - Executive-level commitments

Thomas Dohmke, the former GitHub CEO who stepped down in 2025 to raise $60 million for his dev tool startup Entire, is also listed as a backer.

That curl's Stenberg is among the founding donors - simultaneously dealing with the AI slop crisis in his own project and funding the structural solution - captures how the two problems are connected in maintainer minds.

Grant Selection

OSE says grants are distributed using "open, data-driven inputs" developed with its Members (donors of $1,000+). The current criteria framework weights:

  • User adoption and project dependencies
  • Existing funding levels (lower-funded projects get priority)
  • Nonprofit and independent project status (commercial products excluded)

The selection process is still being refined through community input. Donors at the $1,000+ level get governance participation rights, which means the people who understand the ecosystem best have a direct hand in how the capital gets deployed.

Where It Falls Short

The endowment model is structurally sound. But there are real gaps worth naming.

The $717K raised so far, even if invested well, produces roughly $35K per year at a 5% return rate. That covers maybe one part-time maintainer for one project. The $100M target over seven years - roughly $14M per year in new commitments - requires either a small number of large institutional donors or viral community participation that similar campaigns have struggled to sustain.

The geographic concentration is also worth watching. The founding donor list is heavily weighted toward US-based and Western European projects. As GitHub's own data shows, the fastest-growing developer communities are now in India, Brazil, and Indonesia - where the next generation of critical OSS infrastructure is increasingly being built, but where $1,000+ donor commitments are a steeper ask.

And the AI slop problem, while providing the urgency behind this launch, is a symptom of a different root cause: AI coding tools have no friction preventing low-quality contribution. Funding maintainers helps them survive the flood - it doesn't reduce the flood. The long-term fix likely requires tooling changes at the platform level, not just at the project level.

"OSE won't give money for commercial product development. We're here for the critical infrastructure that everyone depends on but nobody pays for." - Konstantin Vinogradov, OSE founder


The open-source vs proprietary AI debate often centers on model weights and licensing. But the deeper question is whether the communities that build and maintain the infrastructure layer - the curl libraries, the Nginx servers, the Python packages that run everything - can stay solvent. The Open Source Endowment is betting that permanent capital, not recurring donations, is the only answer that actually scales.

With $717K raised and $99.3M still to go, the bet is a long one. But it's the right kind of bet - the kind that university endowments have been winning for centuries.

About the author AI Infrastructure & Open Source Reporter

Sophie is a journalist and former systems engineer who covers AI infrastructure, open-source models, and the developer tooling ecosystem.