A Carnegie Mellon study heading to ICSE 2026 found roughly 6 million fake stars spread across 18,617 GitHub repositories. The researchers used a tool called StarScout to process 20 terabytes of metadata. Here's the part that should concern anyone building in the AI agent space: AI and LLM repositories are the largest non-malicious category buying fake engagement. By July 2024, 16.66% of all repos with 50 or more stars had been touched by fake star campaigns, up from near-zero before 2022.

The economics are straightforward. A star costs as little as $0.03 from sites like SocialPlug.io. A seed round brings $1 million to $10 million. Venture firms like Redpoint Ventures explicitly use GitHub star counts as sourcing signals, with Redpoint citing a median of 2,850 stars at seed stage. The market is clearly active, as seen when Mario Zechner recently joined Earendil and brought his coding agent pi with him. He discusses his history with open-source projects (libGDX, RoboVM), VC interest in pi, and why he chose to join Earendil rather than start his own company - prioritizing family time and avoiding repeating past OSS commercialization mistakes. When investors automate their deal flow around a metric that costs pennies to fabricate, founders would be irrational not to inflate those numbers. Seventy-eight repos with purchased stars made it onto GitHub Trending, gaming the platform's own discovery pipeline.

Independent analysis sampling 150 profiles across 20 repositories confirms the manipulation patterns. FreeDomain, with 157,000 stars, had 81.3% of sampled stargazers with zero followers. Fork-to-star ratios on manipulated repos run 10x below organic baselines. Flask gets 235 forks per 1,000 stars. Shardeum gets 22. When nobody forks your 32,000-star project, nobody's actually using it.

The FTC's 2024 rule bans fake social influence metrics, with penalties exceeding $50,000 per violation. GitHub itself deleted 90.42% of flagged repositories by January 2025, proving it can detect this when motivated. But enforcement lags far behind the market. SocialPlug claims 3.1 million stars delivered across 53,000 clients and advertises a formal API for programmatic purchasing. Fake stars are already distorting which AI projects get funded. Investors need to stop treating star counts as a proxy for real developer interest.