Someone finally charted the rsync AI-bugs panic. The data says no

After weeks of online fury over Claude-assisted commits in rsync, someone ran the numbers. The analysis charts bugs per 10 commits across 37 releases, from v2.4.6 to v3.4.3. Only two of those releases contain Claude commits, and both land inside the middle 50% of the project's historical distribution.

The figure that punctures the panic: the worst release on record, v3.4.1, scored 113 bugs per 10 commits, an order of magnitude above anything else, and it had zero Claude involvement. Nobody filed a 300-comment issue about it, because there was no AI to blame. Across the dataset the Claude releases average 3.78 bugs per 10 commits against a historical mean of 7.60, roughly half.

The real mechanism, which rsync maintainer Andrew Tridgell confirms, is a confound, not a culprit. A flood of AI-generated CVE reports forced rapid, extensive changes to rsync's attack surface, and more changes mean more regressions regardless of who writes them. Tridgell deliberately prioritised security fixes over edge-case compatibility. It is a useful reminder that "the AI broke it" is a story people reach for before checking whether the baseline was ever as clean as they remember.