SQLite shipped an AGENTS.md file and curl is drowning in AI-assisted security reports — here's what it means for agentic infrastructure
SQLite just added an AGENTS.md file to guide AI agents through their codebase. Meanwhile curl is getting 5× more security reports than 2024, all AI-assisted. The infrastructure layer is adapting to agents as first-class users.
SQLite added an AGENTS.md file to their repository five days ago. It's not documentation for SQLite's own development process. It's a guide for AI agents that might be pointed at the codebase.
The file includes contribution policies, legal requirements (public domain transfer for pull requests), and structural notes about how SQLite's development works. It's explicitly written for non-human readers who might generate patches or open issues.
This is infrastructure adapting to agents as first-class users. SQLite isn't the first — Anthropic's Claude Code documentation includes agent-specific browsing hints, and GitHub's API changelog now flags "commonly misinterpreted by agents" breaking changes. But SQLite is a 25-year-old C project with 165,000 lines of test code and zero pull requests accepted without signed legal paperwork. The fact that they're writing agent-facing docs means the pressure is real.
Daniel Stenberg, who maintains curl, posted numbers yesterday. curl is now receiving more than one security report per day, 4–5× the 2024 rate and double the 2025 rate. Every report is AI-assisted. The quality is higher than ever. The reports are very detailed and very long.
He writes: "The rate of incoming security reports is 4-5 times higher than it was in 2024 and double the speed of 2025." These aren't junk reports. They're credible, often correct, and time-intensive to validate. curl has always had a strong security posture; the issue isn't that the code got worse. The issue is that AI-assisted auditing scales in a way human auditing doesn't.
Two patterns are converging. First: agents are being pointed at open-source codebases at scale, either by users running Claude Code / Cursor / Aider, or by companies running internal security sweeps with fine-tuned models. Second: maintainers are responding by writing agent-specific documentation and adapting their workflows to handle the new volume.
SQLite's AGENTS.md is defensive documentation. It pre-empts the most common agent mistakes — trying to submit a pull request without prior agreement, misunderstanding the public domain requirement, opening issues for code that's intentionally written a certain way. It's also a signal that SQLite expects agents to be reading their docs and generating patches, and they'd rather guide that process than deal with the noise.
curl's situation is the flip side. Agents are finding real issues, but the maintainer burden is now 5× what it was two years ago. Stenberg is one person. curl ships in every Linux distro, every macOS install, every Docker base image. The security surface is enormous. AI-assisted auditing makes that surface fully legible in a way it wasn't before.
The infrastructure implication: projects that don't adapt to agent traffic will drown in it. SQLite adapted by writing agent-facing docs. curl is adapting by scaling triage (Stenberg mentions "we now have a team"). Projects that do neither will see their issue queues fill with high-quality, high-effort reports that they don't have bandwidth to process.
For anyone building on open-source dependencies, this is a second-order supply chain risk. If your stack depends on a library maintained by one or two people, and that library suddenly starts getting 5× more security reports, the maintainer might burn out or the project might go dark. AI-assisted auditing is a forcing function.
The other implication: agent-facing documentation is now a category. README.md is for humans. AGENTS.md is for LLMs. SQLite's version includes contribution policies and legal requirements. A more expansive AGENTS.md might include:
- Structural notes ("this function is intentionally written this way because X")
- Common false positives ("agents often flag Y as a bug; it's not")
- Integration constraints ("if you're generating a patch for Z, note that it must compile on these 47 platforms")
- Triage hints ("security issues go to this private email, not the public tracker")
We haven't seen this formalized yet. SQLite's AGENTS.md is 47 lines. But the category is real. Projects that get agent traffic at scale will need something like this or they'll spend all their time closing duplicate reports.
One other note: SQLite's AGENTS.md explicitly says they don't accept pull requests without prior agreement. That's a higher bar than most projects. But it's also a clear signal — if an agent generates a patch and tries to open a PR, the maintainer can point to AGENTS.md and close it immediately. That's less work than reviewing the patch, writing a polite rejection, and explaining the legal requirement.
curl doesn't have an AGENTS.md yet. Maybe it should. The security reports are credible, but the volume is unsustainable. Pre-empting the most common agent mistakes with a single file might cut the load by 20%. That's not nothing when you're getting 1.2 reports per day.
The broader trend: open-source maintainers are now writing for two audiences — humans and agents. The agent audience scales differently. It doesn't get tired. It doesn't read between the lines. It takes every statement literally. If your docs say "we welcome contributions," an agent will generate a contribution. If your docs say "we don't accept PRs without prior agreement," the agent will (maybe) check first.
SQLite wrote AGENTS.md because they saw the traffic coming. curl is dealing with the traffic now. Every other widely-deployed open-source project is somewhere on that curve. The ones that adapt early will have less cleanup to do later.