Ladybird Browser ends public pull requests due to AI and security concerns

Ladybird Browser has announced that it will no longer accept public pull requests, limiting code changes to project maintainers as the team prepares for its first alpha release. Creator Andreas Kling said the decision is a response to the rise of generative AI, which can now produce large code contributions quickly, even when the author may not fully understand the security or functional impact.

The team says this is especially important for a browser, since it processes untrusted content from the internet directly on users’ machines. A single hidden vulnerability could put users at risk, while reviewing AI generated pull requests would add more responsibility and review burden for maintainers. As part of the change, all open public pull requests are being closed, and external forks will not be treated as informal review queues.

Contributors are now being encouraged to focus on bug reports, reduced test cases, standards discussion, website testing, security reports, and technical feedback. Ladybird remains open source, with its codebase still publicly available, but the project is tightening how code enters the official repository as AI generated contributions become harder to assess.