Investigators traced commits dating back to rsync 3.4.1 and identified contributions by Andrew Tridgell and Anthropic's AI assistant Claude, prompting scrutiny of AI-assisted coding in critical open-source infrastructure.

Despite the regressions, the team signaled ongoing use of AI tools for rsync’s next major security-focused release (3.5) and noted ongoing failures in competing implementations like OpenBSD's openrsync.

Tridgell described a surge of security issue reports, many AI-generated, increasing the workload to maintain rsync’s security and reliability.

Public reaction spread across GitHub, Reddit, and Hacker News, turning a technical bug into a broader debate about AI’s role in maintaining essential open-source software.

Ironically, Tridgell stressed that human oversight remains central and that reported AI-assisted work was not a wholesale handoff to machines, countering claims of ‘vibe-coding’ the project.

Rsync 3.4.3, a security-focused update, caused regressions in incremental backups for some users, fueling a broader discussion beyond a routine bug hunt.

Tridgell publicly defended his use of AI tools, noting he designed the Python-based test framework and used Claude, Codex, and Gemini, with strict manual review of outputs.