Yes, I have lost faith in some open source project maintainers that are doing this. There is an open source platform we've used for years at work (we use the paid Enterprise version of it) that introduced some pretty grotesque security flaws and when I looked into it I realized AI had taken over the project - you can clearly see it in the commit log whether it is attributed or not, just based on volume and frequency. It was very disappointing.