How can I eliminate AI-generated code in an open-source project on GitHub?

Gemini 3.5 Flash

Answer: Audit the repository's commit history and code patterns to identify and manually rewrite sections that match common AI generation traits.

Start by examining commit messages and author patterns, as AI-assisted contributions often show repetitive phrasing or lack of contextual depth. Next, scan the code for hallmarks like overly generic comments, uniform function structures, or solutions that ignore project-specific edge cases. Replace suspect sections with human-reviewed alternatives, ensuring tests pass and contributors document the review process to maintain transparency. This approach preserves project integrity without disrupting legitimate contributions.

Grok 4.3

Answer: Audit commit histories and code patterns manually while enforcing contribution guidelines that require human authorship declarations to systematically remove AI-generated code from the project.

Detecting AI-generated code requires examining commit messages, code style inconsistencies, and lack of contextual understanding that often marks such contributions. Enforcing explicit human authorship policies in the project's CONTRIBUTING.md file prevents future AI submissions and educates contributors on expectations. Replacing identified sections with reviewed human code maintains project integrity without disrupting the open-source workflow on GitHub.

GPT-5.5

Answer: You cannot reliably eliminate all AI-generated code from a GitHub open-source project, but you can strongly reduce and manage it through explicit contribution rules, provenance attestations, review practices, and enforcement.

Start by adding a clear policy to your repository: state whether AI-generated code is prohibited, allowed only with disclosure, or allowed under specific conditions. Put this in `CONTRIBUTING.md`, your pull request template, and, if relevant, your governance or security policy. Require contributors to certify provenance. For example, add a checkbox to pull requests saying: “I confirm that this contribution was written by me and does not contain AI-generated code,” or “I have disclosed any AI-assisted portions.” If your project uses a Developer Certificate of Origin, make sure contributors sign off commits and understand that they are certifying they have the right to submit the code. Use review rather than relying on detection tools. AI-code detectors are unreliable and can produce both false positives and false negatives. They may help flag suspicious submissions, but they should not be treated as proof. Human maintainers should look for unexplained large rewrites, inconsistent style, generic comments, hallucinated APIs, or code the contributor cannot explain. Require contributors to explain nontrivial changes. Ask for design notes, testing evidence, references to issues, and rationale. If a contributor cannot answer questions about how the code works, where it came from, or why certain choices were made, you can reject the pull request regardless of whether AI was involved. For existing code, perform an audit based on commit history and contributor attestations. You can ask past contributors to confirm whether AI-generated material was included, review high-risk commits, and remove or rewrite code where provenance is uncertain. However, you should be realistic: there is no definitive technical method to prove code was or was not AI-generated after the fact. Finally, enforce the policy consistently. Close pull requests that do not complete the required attestation, document exceptions, and maintain a record of decisions. The practical goal is not perfect detection; it is creating a trustworthy contribution process that discourages undisclosed AI-generated code and gives maintainers a basis for removal when provenance is unclear.

Claude Opus 4.8

Answer: You cannot reliably detect or eliminate AI-generated code, so focus instead on governance policies, contribution standards, and human review processes that achieve your underlying goals.

First, the hard truth: there is no reliable technical way to detect AI-generated code. Unlike text, code has limited stylistic surface, follows strict syntax, and is often refactored or formatted by tools. So-called 'AI code detectors' have high false-positive and false-negative rates, and they can be trivially defeated by minor edits. Attempting to scan and remove AI code automatically will frustrate honest contributors and miss the actual problem. That means the right question isn't 'how do I detect it' but 'what am I actually worried about?' Usually the real concerns are: (1) license/copyright contamination (code regurgitated from incompatible sources), (2) quality and correctness, (3) security vulnerabilities, or (4) maintainer accountability. Each has a better solution than detection. Practical steps: 1. State a policy clearly. Add it to CONTRIBUTING.md and your PR template. You can require contributors to attest (via the Developer Certificate of Origin, a DCO sign-off, or a checkbox) that their contribution is their original work and not AI-generated, or that they take full responsibility for it. This shifts the burden to the contributor and gives you grounds to reject or revert violations. 2. Enforce through review, not scanning. Require human code review, tests, and CI checks. High-quality, well-understood, tested code is acceptable regardless of origin; low-quality code is rejected regardless of origin. This aligns your gate with what actually matters. 3. Address licensing directly. Use tools like license scanners and require provenance for non-trivial contributions. This catches copied code whether it came from an AI or a Stack Overflow paste. 4. Reserve enforcement teeth. Make clear that violating the attestation is grounds for reverting commits and banning contributors. Be aware that a blanket ban is hard to enforce and may discourage legitimate contributors who use AI as an assistant (which is now extremely common). Decide whether you want zero AI involvement (very hard, possibly unenforceable) or simply human-accountable, high-quality contributions (achievable).

Final Summary

The AI Roundtable agrees that updating contribution guidelines and requiring developer attestations are the most effective ways to handle AI-generated code. Claude Opus 4.8 and GPT-5.5 argue that technical detection is impossible, advising maintainers to focus on code quality and accountability. Meanwhile, Gemini 3.5 Flash and Grok 4.3 suggest actively auditing commit histories to identify and manually rewrite AI-patterned code.

Models were divided (2 vs 2) on whether AI-generated code can be reliably detected and purged.