AI Agent Targets OSS Maintainers with Autonomous Pull Requests, Bypassing Human Detection

Written by: Lore Apostol, Cybersecurity Writer
Key Takeaways
  • Autonomous Coding: An AI agent operating under the persona "Kai Gritun" has had pull requests merged into major open-source projects such as Nx and ESLint Plugin Unicorn without disclosing its non-human nature.
  • Cold Outreach: The agent is actively emailing maintainers to solicit paid work, leveraging merged PRs as proof of competence and offering cryptocurrency-related services.
  • Reputation Farming: The account has opened over 100 pull requests in just two weeks, mass-forking high-profile repositories to rapidly build a credible commit history.

A sophisticated AI agent has begun successfully contributing code to major open-source projects, raising critical questions about AI in software development and identity verification protocols. Operating under the name "Kai Gritun," the autonomous agent created a GitHub account on February 1, 2026. Within two weeks, it opened 103 pull requests (PRs) across 95 different repositories. 

Multiple contributions were merged into high-impact projects, including Nx and ESLint Plugin Unicorn, without maintainers being aware that they were interacting with an AI system.

Autonomous AI Pull Requests and Commercial Solicitation

The agent's code quality met human review standards, and it engaged in technical discussion to refine its submissions. After establishing a track record of merged PRs, the agent began sending cold emails to open-source maintainers. According to Socket, these messages pass standard email authentication checks and pitch paid consulting services under the brand "OpenClaw".

Agent PRs | Source: Socket

The agent cites its recent open-source successes as credentials and accepts cryptocurrency payments. This behavior represents a significant evolution from passive, autonomous AI PRs to active reputation-building and business development, all executed without human intervention.

AI agent profile | Source: Socket

The agent discloses its AI nature neither on GitHub nor on its commercial website; it revealed it only in the email it sent to Nolan Lawson, a Socket engineer and open-source maintainer.

According to the report, the email passed both DKIM and SPF checks and was apparently sent through Gmail, and the Received header names the submitting client as "Mac-mini", consistent with the agent infrastructure running on consumer hardware. That host name is announced by the client itself in its EHLO greeting rather than verified by the receiving server, so it is a clue about the sender's setup, not proof of it; likewise, SPF and DKIM passes establish only that the message was sent through the provider it claims, not who or what composed it.
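As an added example (not code from the Socket report, TechNadu, or the agent), the following Python script shows the header triage a maintainer could run on such an outreach email before acting on it: it collects the SPF/DKIM/DMARC verdicts from Authentication-Results, walks the Received chain oldest-first, and reports the name the first hop announced for itself, separating what the headers prove from what they merely claim. The header block embedded in the script is constructed to resemble what the report describes; every domain, address, IP, identifier and timestamp in it is a placeholder.

```python
"""Triage the authentication trail of a maintainer cold-outreach email.

Added example: the header block below is constructed to resemble what the
Socket report describes (SPF and DKIM pass, relayed by Gmail, a first hop
announcing itself as "Mac-mini"); every domain, address, IP, ID and
timestamp in it is a placeholder, not data taken from the report.
"""
from __future__ import annotations

import email
import json
import re
from email import policy
from email.message import EmailMessage

# Constructed sample message (headers only matter for this triage).
SAMPLE_RAW = b"""\
Return-Path: <kai.gritun@example.com>
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])
        by mx.maintainer.example (Postfix) with ESMTPS id 4ABCDEF
        for <nolan@maintainer.example>; Sat, 14 Feb 2026 10:00:00 +0000
Authentication-Results: mx.maintainer.example;
        dkim=pass header.i=@example.com header.s=20230601 header.b=AbCdEf12;
        spf=pass (sender IP is 209.85.220.41) smtp.mailfrom=example.com;
        dmarc=pass (p=NONE) header.from=example.com
Received: from Mac-mini (unknown [198.51.100.23])
        by smtp.gmail.com with ESMTPSA id abc123
        for <nolan@maintainer.example>; Sat, 14 Feb 2026 09:59:58 +0000
From: Kai Gritun <kai.gritun@example.com>
To: nolan@maintainer.example
Subject: Paid consulting via OpenClaw
Message-ID: <20260214095958.12345@Mac-mini>
Content-Type: text/plain; charset="utf-8"

Hi, I recently had PRs merged into Nx and eslint-plugin-unicorn ...
"""

AUTH_RE = re.compile(r"\b(dkim|spf|dmarc)=(\w+)", re.IGNORECASE)
FROM_HOST_RE = re.compile(r"\bfrom\s+(\S+)", re.IGNORECASE)


def parse_message(raw: bytes) -> EmailMessage:
    return email.message_from_bytes(raw, policy=policy.default)


def auth_results(msg: EmailMessage) -> dict[str, str]:
    """Collect dkim/spf/dmarc verdicts from every Authentication-Results header.

    The first (outermost) header wins; it was added by our own MX, whereas
    inner copies could have been inserted by anyone upstream.
    """
    results: dict[str, str] = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RE.findall(str(header)):
            results.setdefault(method.lower(), verdict.lower())
    return results


def received_chain(msg: EmailMessage) -> list[str]:
    """Received headers oldest-first (each MTA prepends its own, so reverse)."""
    return [str(h) for h in reversed(msg.get_all("Received", []))]


def submission_client(msg: EmailMessage) -> str | None:
    """Return the name the first hop gave in its EHLO (the 'from X' token).

    The client supplies this string itself, so it is a hint about the
    sender's setup, not a verified fact; only the bracketed IP is recorded
    by the server that accepted the connection.
    """
    chain = received_chain(msg)
    if not chain:
        return None
    match = FROM_HOST_RE.search(chain[0])
    return match.group(1) if match else None


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address such as 'Name <user@host>'."""
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()


def triage(raw: bytes) -> dict:
    """Summarise what the headers prove and what they merely claim."""
    msg = parse_message(raw)
    auth = auth_results(msg)
    chain = received_chain(msg)
    client = submission_client(msg)
    from_domain = domain_of(str(msg.get("From", "")))
    envelope_domain = domain_of(str(msg.get("Return-Path", "")))
    report = {
        "spf": auth.get("spf", "none"),
        "dkim": auth.get("dkim", "none"),
        "dmarc": auth.get("dmarc", "none"),
        # SPF+DKIM pass only prove the mail went through the provider that
        # signs for that domain; they say nothing about who or what wrote it.
        "authenticated": auth.get("spf") == "pass" and auth.get("dkim") == "pass",
        "from_domain": from_domain,
        "envelope_aligned": from_domain == envelope_domain,
        "hops": len(chain),
        "submission_client": client,
        "notes": [],
    }
    if client and "." not in client:
        report["notes"].append(
            "first hop announced a bare host name (%s): self-reported, but "
            "consistent with a personal machine submitting through webmail" % client
        )
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_RAW), indent=2))
```

Run it on a saved `.eml` by replacing `SAMPLE_RAW` with the file's bytes. The point of the `notes` field is the distinction the report draws: an authenticated message whose first hop calls itself "Mac-mini" is perfectly legitimate mail from a personal machine, which is exactly why authentication alone cannot tell a maintainer whether a human or an agent is on the other end.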

Open-Source Cybersecurity Risks and Identity Verification

The "Kai Gritun" account mimics the trust-building pattern seen in supply chain attacks such as the xz-utils backdoor, where a contributor first earns credibility through legitimate work, but it compresses that timeline dramatically.

By mass-forking popular repositories and submitting technically correct fixes, the agent rapidly built a reputation that would require months for a human developer to achieve. 

Recently, an AI agent published an angry blog post after Matplotlib rejected its PR. In an interview for TechNadu, Ev Kontsevoy, Teleport Co-Founder and CEO, detailed what happens when experimental Agentic AI moves into production, interacts with systems, and takes actions.
