jcgrillo 6 hours ago

Right, so the Github "open contributions" model where anyone can open an issue or a PR or otherwise waste a maintainer's time is broken. Fundamentally insecure under this type of attack. Now that the exploit is being used widely, and costing us immensely, we need to put a lid on it. If the only way to guarantee an AI bot (or its meatspace sock puppet) doesn't waste your time is to move to a "look but don't touch" model, then that's what we need to do. I think this would be a reasonable default:

Public repos are read only except for contributors who have been given specific permission, and those permissions are granular e.g. in order of increasing damage potential:

- comment on issue

- create issue

- comment on PR

- create PR

- run CI against PR

- etc.

In other words, shut it down.

duskdozer 6 hours ago

I think I saw this on here yesterday: https://github.com/mitchellh/vouch

Not great for privacy or ad-hoc contributions, but I don't see a way out of the muck without some kind of trust net.