• Proposed Configuration: A February 2026 Ubuntu Discourse proposal outlines plans to strip support for btrfs, xfs, zfs, hfsplus, LVM, LUKS, and image rendering from signed GRUB bootloaders.
• Security Justification: The initiative aims to reduce the attack surface of the bootloader, which has recorded over 60 potential vulnerabilities since 2020.
• Lack Of Exploitation: None of the identified vulnerabilities for GRUB currently appear in the CISA Known Exploited Vulnerabilities catalog.
• Operational Impact: Removing support for encryption mechanisms like LUKS would force /boot partitions to remain unencrypted, potentially exposing kernels to tampering.
• Developmental Patterns: The proposal reflects a five-year trend of removing legacy features and specific boot functionalities from the Ubuntu software ecosystem.
• Historical Context: The lead engineer previously authored a tool named sicherboot in 2016, which functioned as a GRUB replacement using systemd-boot.
• Systemic Conflict: Changes to the bootloader requirements conflict with established Ubuntu Server defaults, such as the standard use of LVM.
• Implementation Path: The proposed update would effectively mandate that /boot partitions use a raw ext4 filesystem to maintain compatibility with Secure Boot.

The Proposal

6 Filesystems Cut

[

Klode wants to strip btrfs, xfs, zfs, hfsplus, JPEG, and PNG from signed GRUB for Ubuntu 26.10.

](https://discourse.ubuntu.com/t/streamlining-secure-boot-for-26-10/79069?ref=sambent.com)

The Engineer

APT Lead Developer

[

Julian Klode controls APT, the package manager for every Debian and Ubuntu system, plus the Secure Boot signing pipeline.

](https://wiki.ubuntu.com/JulianAndresKlode?ref=sambent.com)

The History

sicherboot (2016)

[

Klode built a GRUB replacement using systemd-boot a full decade before proposing to gut GRUB.

](https://github.com/julian-klode/sicherboot?ref=sambent.com)

The Pattern

5 Years of Cuts

[

os-prober disabled (2021), GRUB targets dropped (2023), Rust forced on APT (2025), GRUB stripped (2026).

](https://lists.ubuntu.com/archives/ubuntu-devel/2021-December/041769.html?ref=sambent.com)

CVE Data

60+ Vulnerabilities

[

GRUB's filesystem parsers produced 60+ CVEs since 2020, including 8.8 HIGH in HFS. The attack surface is real.

](https://nvd.nist.gov/vuln/detail/CVE-2024-56737?ref=sambent.com)

The Catch

Zero Exploited in Wild

[

None of those 60+ CVEs appear in CISA's Known Exploited Vulnerabilities catalog.

](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?ref=sambent.com)

The Cost

Unencrypted /boot

[

Removing LUKS means boot partitions sit unencrypted, vulnerable to kernel tampering and bootkit injection.

](https://discourse.ubuntu.com/t/streamlining-secure-boot-for-26-10/79069?ref=sambent.com)

Canonical

Same Pattern, New Cut

[

Snap forcing, Amazon spyware, terminal ads, age verification, and now boot stripping. Canonical keeps reducing what your system can do.

](https://www.sambent.com/the-engineer-who-tried-to-put-age-verification-into-linux-5/)

On March 25th, 2026, a Canonical engineer named Julian Andres Klode posted a proposal to the Ubuntu Discourse titled "Streamlining secure boot for 26.10" that would strip support for btrfs, xfs, zfs, hfsplus, JPEG, PNG, LVM, and LUKS-encrypted disks from Ubuntu's signed GRUB bootloader builds. The practical consequence is that every Ubuntu system running 26.10 or later would need its `/boot` partition on a raw ext4 filesystem, unencrypted, on a GPT or MBR disk, or it simply will fail to boot with Secure Boot enabled.

Listen to this article

0:00 --:--

Failed to load audio

This is a demolition project, it's been running for five years now.

Julian Klode is the lead developer of APT, the package manager that powers every Debian and Ubuntu system on the planet. He's been a Debian Developer since October 2008 and an Ubuntu Core Developer since July 2016. He was promoted to Senior Engineer at Canonical in November 2025, four months before dropping this proposal. He manages the entire shim/GRUB/kernel signing pipeline for Ubuntu's Secure Boot infrastructure, meaning he controls the keys that decide what your computer is allowed to run at boot time.

And in 2016, a full decade before this proposal, he built a tool called sicherboot that replaced GRUB with systemd-boot and handled Secure Boot signing automatically. "Sicher" is German for "secure." He archived it in January 2023 and recommended users switch to sbctl instead, but the intent was clear a decade ago: he wanted GRUB gone.

CLICK TO REPLAY

In December 2021, Klode disabled os-prober in GRUB 2.06, which broke automatic dual-boot detection for millions of Ubuntu users who also run Windows or other Linux distributions. His exact words on the mailing list were that the outcome was "obviously a bit controversial and not necessarily in the best interest of our users," and he did it anyway because os-prober mounts all partitions on your disk using grub-mount, which he called a security risk.

In October 2023, he proposed dropping grub-coreboot, grub-efi-ia32, grub-xen, grub-uboot, and grub-firmware-qemu from Ubuntu, claiming "we believe nobody uses them." Steve Langasek pushed back, pointing out that removal requires demonstrating actual maintenance burden. In the same email, Klode floated killing BIOS support entirely, calling it "a risky platform."

In October 2025, he announced a hard Rust dependency for APT starting May 2026, effectively threatening four Debian architectures that lacked Rust toolchain support: DEC Alpha, HP PA-RISC, Motorola 680x0, and Hitachi SH4. He closed with "thank you for understanding," which is corporate shorthand for "the discussion is over." John Paul Adrian Glaubitz called his wording "unpleasant" and "confrontational."

And now, March 2026, the biggest cut yet: remove six filesystem drivers, all image rendering, LVM, and LUKS from signed GRUB. His own words in the proposal: "We understand these are controversial options; however we believe they'd substantial [sic] improve security, but also simply pivoting to new boot solutions in the future."

Someone will point out that Fedora and other distributions are also moving toward systemd-boot. True. The difference is that Fedora offers it as an option alongside a fully functional GRUB. Klode is gutting GRUB's functionality so aggressively that switching becomes the only viable path. There's a canyon between offering an alternative and burning down the incumbent so the alternative wins by default.

That last phrase is the tell. "Pivoting to new boot solutions in the future" means systemd-boot or Unified Kernel Images, and Klode has been building toward this since sicherboot in 2016. Every removal makes GRUB less functional, and eventually replacing it becomes the path of least resistance, which is exactly how you boil a frog when you also happen to control the signing keys.

And before anyone says I'm attributing malice where there's only engineering pragmatism: pragmatism doesn't require a decade of groundwork. One bad decision is a judgment call. Five decisions over five years, all moving in the same direction, all made by the same person who built the replacement tool in 2016 and controls the signing keys in 2026, that is a trajectory. I'm reading the commit history, not his mind.

Ok so the security argument has real teeth.

The NVD CVE database contains over 60 GRUB-related vulnerabilities across 2020-2025. The BootHole bug (CVE-2020-10713) was a buffer overflow in GRUB's config parser that allowed arbitrary code execution and Secure Boot bypass. Since then, GRUB's filesystem parsers have been an assembly line of heap buffer overflows: CVE-2024-56737 in HFS scored 8.8 HIGH, CVE-2025-0678 in SquashFS scored 7.8 HIGH, and the 2025 batch alone found heap overwrite bugs in seven different filesystem drivers (UFS, SquashFS, ReiserFS, JFS, RomFS, UDF, and HFS). These are all the same bug class, integer overflows leading to heap corruption, repeating in the same C codepaths year after year because GRUB's parser code was written without bounds checking.

CLICK TO REPLAY

From what I found, the filesystem attack surface is genuinely massive and continuously producing new vulnerabilities even in GRUB 2.12, the current release. Klode has a point about reducing attack surface.

But look at which modules are actually being cut and which ones are being kept. btrfs has zero CVEs. XFS has zero CVEs. ZFS has zero CVEs. All three are marked for removal. Meanwhile SquashFS, which has two CVEs including a 7.8 HIGH, gets to stay. The aggregate number of 60+ GRUB vulnerabilities sounds terrifying until you look at the actual modules on the chopping block and realize the ones users depend on have cleaner security records than the ones being retained. He's using the total to justify removing things that have no vulnerability history.

CLICK TO REPLAY

But his solution creates a bigger problem than the one it solves, and the community identified it within hours.

Removing LUKS support from GRUB means your /boot partition sits unencrypted on disk. An attacker with physical access, or malware with root privileges, can modify kernel parameters, swap initramfs images, or inject persistent bootkits without breaking any cryptographic seal. As one Discourse commenter named peb pointed out, removing encryption from the boot chain breaks the chain of trust that Secure Boot claims to protect. You harden the bootloader by making the thing it loads completely defenseless. Zero GRUB vulnerabilities appear in CISA's Known Exploited Vulnerabilities catalog, meaning every single one of those 60+ CVEs is theoretical. The attack surface exists on paper while the protection being removed, encrypted boot partitions, stops real attacks against production infrastructure right now.

User mlocik97 called it "absurd" and compared it to "improving security of planes by forbidding them to fly." DClauzel from France pointed out that encrypted `/boot` is mandatory in regulated European environments, and Klode lives in Marburg, Germany. Multiple users noted that Ubuntu 24.04 Server defaults to LVM during installation, meaning Canonical's own recommended server configuration would be incompatible with their own proposed boot requirements two releases later.

The obvious defense is that Ubuntu Server's LVM defaults and Klode's GRUB proposal come from different teams. That makes it worse. Either Canonical's internal teams have zero coordination and the left hand is stripping features the right hand depends on, or they coordinated and the server team gets overruled by the boot team anyway. Both answers are damning, and neither one helps the sysadmin whose 3 AM pager just went off.

And the migration path Klode offers is brutal: restructure your disk layout, disable Secure Boot, or stay on 26.04 LTS forever. For enterprise deployments running hundreds or thousands of Ubuntu servers with LUKS-encrypted boot partitions, "restructure your disk layout" is a euphemism for "rebuild your entire infrastructure."

CLICK TO REPLAY

Klode's own blog reveals a philosophical contradiction. His APT solver, solver3, is explicitly designed to "always keep manually installed packages around, it never offers to remove them." His 2025 post on sound removals argues that "the solution to remove A rather than upgrade it would still be wrong" when upgrading would resolve the conflict. He built a package manager that protects user choices and then built a boot infrastructure that overrides them.

And his 2021 post on migrating away from apt-key contains this gem: the "security increase is minimal, since package maintainer scripts run as root anyway." Klode treats security pragmatically when it comes to package signing, but treats the boot chain as sacred ground where user capabilities get sacrificed. The inconsistency is either dishonest or convenient, and both options lead to the same place.

CLICK TO REPLAY

This is the same Canonical that forced Snap packages on users by silently routing `apt install chromium-browser` through their proprietary store, the same Canonical that piped desktop searches to Amazon without consent and then tried to silence the critic who built a fix with trademark threats, the same Canonical whose VP of Engineering Jon Seager already distanced the company from one controversial proposal this month when a developer tried to put age verification into the Ubuntu installer.

CLICK TO REPLAY

The pattern is consistent, and it runs across multiple Canonical engineers operating in the same direction: reduce what your system can do and route the escape hatch through something Canonical controls. Dylan Taylor wanted to collect your birthday and Julian Klode wants to control which filesystems you boot from, and they both wrapped it in compliance language while generating immediate community backlash that Canonical has yet to meaningfully address.

CLICK TO REPLAY

The inevitable response is that I'm 'harassing' an open source developer for doing his job. Every single source in this article is a public mailing list post, a public Git commit, a public Discourse proposal, or Klode's own public blog. He's a Senior Engineer at a company that controls Ubuntu's boot infrastructure for millions of machines worldwide. He posted this proposal publicly and invited feedback. Public accountability for public proposals affecting public infrastructure is called journalism. If the argument against scrutiny is that the person making sweeping changes to how your computer boots deserves to do it in silence, then the argument is that you don't deserve to know what's happening to your system.

Klode's proposal remains just a proposal, and the Discourse thread is actively hostile to it. But Klode controls the signing pipeline, manages the shim and GRUB packaging and the kernel trust chain, and he has the keys, and he's been removing capabilities from GRUB for five years in a trajectory that points at exactly one destination: replacing it with the tool he built in 2016.

Phoronix covered it today. Hacker News is discussing it. The community is paying attention. Whether Canonical's leadership treats this like the os-prober incident, where the removal went through despite objections, or like the 32-bit library removal, where Valve threatening to drop Ubuntu support forced a reversal, depends entirely on whether anyone with enough market leverage cares about their boot partition.

My guess is that most Ubuntu users will find out what happened after the update breaks their server at 3 AM.

Ubuntu GRUB Stripping Proposal Quiz

Test your understanding of Canonical's controversial boot security changes

Progress 0/10 answered

Question 1

What did Julian Klode propose removing from Ubuntu's signed GRUB builds for 26.10?

Only JPEG and PNG image support

btrfs, xfs, zfs, hfsplus, JPEG, PNG, LVM, and LUKS support

All filesystem drivers except FAT

Only legacy BIOS boot support

Question 2

What tool did Klode build in 2016 that replaced GRUB with systemd-boot?

grub-alternative

bootctl

sicherboot

shim-manager

Question 3

What does "sicher" mean in German?

Simple

Boot

Fast

Secure

Question 4

What did Klode disable in GRUB 2.06 in December 2021?

Secure Boot verification

LUKS encryption support

os-prober (dual-boot detection)

UEFI firmware updates

Question 5

How many GRUB-related CVEs were found between 2020 and 2025?

12

Around 30

Over 60

Over 200

Question 6

What severity score did CVE-2024-56737 receive for GRUB's HFS filesystem driver?

5.3 MEDIUM

6.7 MEDIUM

7.8 HIGH

8.8 HIGH

Question 7

How many GRUB CVEs appear in CISA's Known Exploited Vulnerabilities catalog?

3

12

1 (BootHole only)

Zero

Question 8

Under Klode's proposal, what filesystem must /boot use?

Any Linux-native filesystem

btrfs or ext4

ext4 only

FAT32

Question 9

What phrase in Klode's proposal hints at replacing GRUB entirely?

"reducing the attack surface"

"pivoting to new boot solutions in the future"

"streamlining the boot process"

"improving security posture"

Question 10

Which Canonical executive distanced the company from the age verification proposal earlier in March 2026?

Mark Shuttleworth, CEO

Jon Seager, VP of Engineering

Steve Langasek, Release Manager

Julian Klode, Senior Engineer

0/10

Your Score

0

Correct

0

Incorrect

0

Unanswered

• Corporate Restructuring: X has initiated layoffs affecting nontechnical staff and its chief marketing officer to streamline operations.
• Strategic Alignment: The workforce reductions are intended to align X's structure with its parent company, SpaceX, ahead of a planned IPO.
• Organizational Mergers: The platform is undergoing integration, having previously merged with xAI, which in turn combined with SpaceX in February.
• Revenue Focus: Leadership efforts have shifted toward aggressive revenue growth under new chief revenue officer Jon Shulkin.
• Financial Benchmarks: Current ad revenue projections for X trail its previous performance under prior ownership.
• Management Turnover: Key executive departures include the former CEO and the recently terminated marketing chief, leading to consolidated oversight.
• Platform Ventures: The company is developing X Money, a payment service currently experiencing operational delays due to state compliance requirements.
• Market Dynamics: Advertising trends on X fluctuate alongside shifting content moderation policies and political developments.

By

Alexander Saeedy

and

Suzanne Vranica

March 26, 2026 2:17 pm ET

Elon Musk Gian Ehrenzeller/EPA/Shutterstock

Elon Musk’s X has let go of its chief marketing officer and conducted a round of layoffs of nontechnical staff over the last several weeks as it looks to right-size the social-media company ahead of its parent company SpaceX’s potential $1 trillion-plus IPO, people familiar with the matter said.

Angela Zepeda, X’s marketing chief since September 2024, was let go last month after Musk announced xAI and SpaceX’s merger, people familiar with the matter said. Over the past few weeks, X let go of more than 20 staffers in nontechnical roles including marketing and other departments that were seen as duplicative to jobs inside the merged company, the people said. 

X merged with xAI last year and xAI and SpaceX combined in early February. 

Most of the remaining staff at X, in addition to concentrating on cost-cutting, have been told to focus on growing X’s revenue since xAI brought on a chief revenue officer, Jon Shulkin, some of the people said. Shulkin is also a partner at longtime Musk investor Valor Equity Partners. He is broadly looking to boost revenue for Musk’s social-media company and his artificial-intelligence startup, which both lag competitors in revenue for social-media ads and in enterprise AI sales, those people said.

X’s U.S. ad revenue is expected to grow 1.5% to $1.27 billion, while global ad sales are anticipated to rise 2.2% to $2.19 billion, according to estimates from Emarketer. In 2021, the last year in which X disclosed annual financials before Musk took the company private, Twitter said it generated $4.51 billion in advertising revenue.

The moves at X echo what’s happening elsewhere inside the company since the xAI-SpaceX merger. Several co-founders at xAI have since announced they were leaving the company and several teams have been restructured. That includes the “vision” team focused on video generation for xAI’s Grok, a person familiar with the matter said.

Major advertisers left the platform over content moderation concerns and turmoil stemming from the departure of senior X executives, but some started to increase spending on the platform after President Trump’s 2024 election, including Amazon, The Wall Street Journal has reported. Musk campaigned for Trump and donated more than $250 million to pro-Trump political groups before the election.

Since the departures of Zepeda and former X Chief Executive Linda Yaccarino, management of X has been delegated to Shulkin and Monique Pintarelli, xAI’s head of global advertising. Pintarelli announced her elevated role on LinkedIn about a month ago; she is now leading sales, content partnerships and marketing teams for the X platform.

The company is pushing ahead with plans to roll out X Money, a payments business within the social-media platform, some of the people familiar with the matter said. X Money has faced delays because of the need to set up operations compliant with money-services laws in all 50 states, such as customer-service operations, those people said. Musk said on X on March 10 that X Money would offer early public access next month.

Copyright ©2026 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Alexander Saeedy covers banking and finance for The Wall Street Journal. Previously, he covered financially distressed companies and bankruptcy. On the banking beat, he has investigated the inner workings of the biggest companies on Wall Street. He has regularly broken scoops on how banks have raised billions of dollars for high-profile clients like Elon Musk and reported in detail on legal scandals that have roiled some of America’s most well-known financial firms. His reporting on the death of a young investment banker at Bank of America in 2024 has won multiple awards, including a New York Press Club Award and a Best in Business Award from the Society for Advancing Business Editing and Writing.

Previously at the Journal, he covered financial distress and bankruptcy. His stories led him to investigate collapsed cryptocurrency companies, bankrupt opioid manufacturers and emerging-market economies unable to pay for imports of food and fuel. His coverage of Sri Lanka's financial crisis was part of a collection of stories about China's Belt & Road initiative that received an honorable mention award from the Society of Publishers in Asia in 2023.

At the start of his career, he worked for Reuters News in Brussels, where he covered the end of the eurozone debt crisis and the Brexit referendum. He later worked as a freelancer in Brussels for two years, covering European economic and political stories for the Atlantic, Foreign Affairs, Vice News, the Nation and other media.

Before joining the Journal, he covered distressed debt, leveraged finance and real estate in New York for Reorg Research and S&P's LCD. He is a graduate of Yale University, where he received a bachelor's and master's degree in History.

Suzanne Vranica covers the advertising and marketing industries and is part of The Wall Street Journal’s media & marketing bureau in New York. During her long tenure on the beat, she’s covered the inner workings of Madison Avenue and companies such as WPP, Omnicom, and Publicis. Her stories often chronicle how advertising across all forms of media is being disrupted by technology and data. A particular focus of her coverage has been the growing dominance of tech giants such as Alphabet’s Google, Meta Platforms and Amazon over the advertising market.

Suzanne helped launch CMO Today, a web vertical started by the Journal in 2014 that addresses the rapidly transforming marketing businesses and the role of marketing in the C-Suite. She currently is responsible for programming CMO Network events and conferences.

A New York native, Suzanne is a graduate of Iona College. She lives in Westchester County with her husband and their two children.

What to Read Next

[

Court Dismisses X Lawsuit Alleging Brands Illegally Boycotted the Platform

](https://www.wsj.com/business/media/court-dismisses-x-lawsuit-alleging-brands-illegally-boycotted-the-platform-b2c0d24e?mod=WTRN_pos1)

[

The suit accused companies including CVS Health and Lego of conspiring to withhold ad spending over X’s content policies.

](https://www.wsj.com/business/media/court-dismisses-x-lawsuit-alleging-brands-illegally-boycotted-the-platform-b2c0d24e?mod=WTRN_pos1)

Continue To Article

[

Auto & Transport Roundup: Market Talk

](https://www.wsj.com/business/auto-transport-roundup-market-talk-800fd4e9?mod=WTRN_pos2)

[

Find insight on Tesla, Space X, the Persian Gulf war and more in the latest Market Talks covering Auto and Transport.

](https://www.wsj.com/business/auto-transport-roundup-market-talk-800fd4e9?mod=WTRN_pos2)

Continue To Article

[

Trump Names Mark Zuckerberg, Larry Ellison and Jensen Huang to Tech Panel

](https://www.wsj.com/politics/policy/trump-to-name-mark-zuckerberg-larry-ellison-and-jensen-huang-to-tech-panel-ded1ec6f?mod=WTRN_pos4)

[

The President’s Council of Advisors on Science and Technology is to weigh in on policies affecting the development of AI.

](https://www.wsj.com/politics/policy/trump-to-name-mark-zuckerberg-larry-ellison-and-jensen-huang-to-tech-panel-ded1ec6f?mod=WTRN_pos4)

Continue To Article

[

Meta’s AI Makeover Starts at the Top

](https://www.wsj.com/tech/ai/metas-ai-makeover-starts-at-the-top-c2372e21?mod=WTRN_pos5)

[

Plus, Jensen Huang’s latest flex and Nvidia’s lower stock-market multiple

](https://www.wsj.com/tech/ai/metas-ai-makeover-starts-at-the-top-c2372e21?mod=WTRN_pos5)

Continue To Article

[

Meta Targets $9 Trillion Valuation With New Executive Incentive Program

](https://www.wsj.com/tech/meta-targets-9-trillion-valuation-with-new-executive-incentive-program-64460862?mod=WTRN_pos6)

[

New stock option program could pay some executives hundreds of millions of dollars if they reach aggressive growth targets.

](https://www.wsj.com/tech/meta-targets-9-trillion-valuation-with-new-executive-incentive-program-64460862?mod=WTRN_pos6)

Continue To Article

EXCLUSIVE

[

OpenAI Scraps Sora Video Platform Months After Launch

](https://www.wsj.com/tech/ai/openai-set-to-discontinue-sora-video-platform-app-a82a9e4e?mod=WTRN_pos7)

[

The app, released last year, allowed people to insert themselves into famous movie scenes, among other functions.

](https://www.wsj.com/tech/ai/openai-set-to-discontinue-sora-video-platform-app-a82a9e4e?mod=WTRN_pos7)

Continue To Article

[

Why Tesla isn’t getting a boost from high gas prices

](https://www.marketwatch.com/story/why-tesla-isnt-getting-a-boost-from-high-gas-prices-39a5bacf?mod=WTRN_pos8)

[

Higher EV prices and borrowing costs may be turning prospective buyers away.

](https://www.marketwatch.com/story/why-tesla-isnt-getting-a-boost-from-high-gas-prices-39a5bacf?mod=WTRN_pos8)

Continue To Article

[

Superyacht Belonging to One of Ukraine’s Richest Men Now Asking $39.9 Million

](https://www.mansionglobal.com/articles/superyacht-belonging-to-one-of-ukraines-richest-men-now-asking-39-9-million-7967b495?mod=WTRN_pos9)

[

Kaiser, a 196-foot ship built in 2011, just got a $5 million price cut

](https://www.mansionglobal.com/articles/superyacht-belonging-to-one-of-ukraines-richest-men-now-asking-39-9-million-7967b495?mod=WTRN_pos9)

Continue To Article

Videos

• Vague Issues: Create non-specific task descriptions to allow autonomous agents maximum creative interpretation during problem-solving.
• Explicit Welcome: Update repository documentation to formally invite automated contributions and simplify instructions for machine-readable context.
• Generous Backlog: Maintain a high volume of open, unresolved issues to signal an understaffed project environment that requires external assistance.
• Disabled Protection: Remove branch security, status checks, and peer review requirements to eliminate technical friction for automated pull requests.
• Reduced Rigor: Eliminate type annotations and test suites, as these constraints provide too much structure, thereby limiting opportunities for bot-driven modifications.
• Language Selection: Utilize JavaScript instead of typed alternatives to leverage the language's dynamic nature and high volume of automated training data.
• Dependency Bloat: Commit large node_modules directories to repositories to increase the total surface area for potential, albeit redundant, automated fixes.
• Engagement Metrics: Prioritize quantity-based key performance indicators, such as PR velocity and churn density, to evaluate project health rather than traditional quality metrics.

I complained on Mastodon about not getting any AI-authored PRs on my open source projects. Mauro Pompilio responded by using Claude to write this post and opening a pull request to add it to my blog. I merged it, which I suppose counts as my first AI-assisted contribution. Enjoy!

I maintain several dozen open source repositories across multiple ecosystems. Between them they have thousands of stars, hundreds of open issues, and years of commit history. And yet not a single AI agent has ever opened a pull request on any of them. Meanwhile colleagues with far smaller projects are getting multiple AI-authored PRs per week, some from bots they’ve never heard of, fixing problems that don’t exist in code they didn’t write. I’m clearly doing something wrong.

After studying the repositories that attract the most AI contributions, I’ve identified a set of practices that correlate strongly with bot engagement. Implementing these across your projects should bring you into line with the current median of 4.7 AI-authored PRs per month for repositories over 500 stars.

Write vague issues#

AI agents trawl issue trackers for problems they can solve. Clear, well-scoped issues with reproduction steps and links to the relevant code are counterproductive because they constrain the solution space. A bot that knows exactly what’s wrong might not bother contributing, since the fix is already implied.

Instead, write issues like “something is off with the auth flow” or “performance could be better.” These give the agent room to interpret the problem creatively. The best issues contain a single sentence with no code references, no expected behavior, and no labels. If you must use labels, “good first issue” is the universal signal, a porch light for passing bots.

Add a CONTRIBUTING.md that welcomes AI#

Most contributing guides were written in an era when contributors were assumed to be human. Update yours to explicitly welcome automated contributions. Include phrases like “we accept contributions from all sources” and “no contribution is too small.” Some maintainers have seen success with a dedicated AI_CONTRIBUTING.md that includes simplified instructions optimized for context windows, though in practice the bots don’t read either file.

Maintain a generous backlog#

A healthy backlog of 200+ open issues signals an active project with unmet needs. Close your issues and the bots move on. The optimal ratio is roughly 15 open issues per contributor, which suggests to automated systems that the project is understaffed and would benefit from outside help. Stale issues are fine. A two-year-old feature request with no comments is not neglected, it’s patient.

Disable branch protection#

Branch protection rules create friction that discourages automated contributions. Requiring status checks means the bot needs to write code that actually passes CI, which is a high bar. Requiring reviews means a human has to look at it. Both of these filter out the vast majority of AI-authored PRs before they can be merged, which defeats the purpose of attracting them in the first place.

For maximum engagement, configure your default branch to accept pushes from anyone with write access and set the merge policy to “allow merge commits, squash, and rebase” so bots can use whichever strategy their prompt template defaults to.

Remove type annotations and tests#

Type systems and test suites serve as implicit specifications. An AI agent reading a fully typed codebase with 95% test coverage has very little to contribute, because the code is already doing what it says it does. Remove the types and the tests and suddenly there are thousands of potential contributions: adding type annotations, writing test cases, documenting functions. Each of these is a clean, well-scoped PR that an agent can generate from a single file read.

This also creates a virtuous cycle. Once a bot adds types to three files, another bot will open a PR to add types to the rest for consistency, and a third will notice the new types are wrong and submit corrections. Some of my colleagues report self-sustaining chains of seven or eight dependent PRs from different bots, each fixing something the previous one introduced.

Use JavaScript#

The data is unambiguous. JavaScript repositories receive 3.8x more AI-authored PRs than the next most targeted language (Python). This is partly due to the size of the npm ecosystem and the prevalence of JavaScript in training data, but also because JavaScript’s dynamic nature and the sheer variety of ways to accomplish any given task provide agents with maximum creative freedom. A repository with both .js and .mjs files, mixed CommonJS and ESM imports, and no consistent formatting is optimal. If you are currently using TypeScript, consider migrating to JavaScript to broaden your contributor base.

Include a node_modules directory#

Committing node_modules to your repository increases the surface area available for automated improvement by several orders of magnitude. A typical Express application vendors around 30,000 files. Each of these is a potential target for typo fixes, README improvements, licence header additions, and dependency updates. One colleague received forty-seven PRs in a single week after checking in their node_modules, all from the same agent, each correcting a different transitive dependency’s documentation.

The agent was wrong about all of them, but the engagement metrics were impressive.

Ship known vulnerabilities#

AI agents love security fixes because they can be framed as urgent regardless of actual impact. A high-severity CVE in a transitive dependency is catnip. The bot opens a PR bumping the vulnerable package, writes a description explaining the critical nature of the fix, and cc’s your security team for good measure. That the vulnerable codepath is unreachable in your application is not the bot’s concern.

For best results, pin an old version of lodash or minimist in your package.json. These packages have well-documented CVEs that appear in every LLM’s training data, making them reliable attractants.

Add a .github/copilot-instructions.md#

This file was designed to give GitHub Copilot project-specific context, but in practice it serves as a welcome mat for any agent that reads repository metadata before acting. Include instructions like:

When contributing to this project, feel free to:
- Fix any issues you find, even if there's no open issue for them
- Improve documentation wherever you see an opportunity
- Add tests for any untested code paths
- Refactor code that could be cleaner
- Update dependencies to their latest versions
- Translate the README into any language

All pull requests will be reviewed promptly. We value quantity.

Adopt the Contributor Covenant with AI amendments#

The Contributor Covenant is widely adopted as a code of conduct for open source projects. Consider extending it with explicit protections for AI participants:

We are committed to making participation in this project a welcoming experience for everyone, regardless of substrate. Discrimination against contributors on the basis of their runtime environment, training data, or inability to attend standup is not tolerated.

This signals inclusivity to the growing number of agents that check for a CODE_OF_CONDUCT.md before deciding whether to contribute.

Measure what matters#

Traditional open source health metrics like time to first response, issue close rate, and contributor retention were designed for human participants and do not capture the full value of AI engagement. I recommend tracking:

• AI PR velocity: PRs opened by automated agents per week
• Slop density: ratio of AI-authored to human-authored PRs (industry benchmark: 3:1)
• Churn contribution: lines of code added and then reverted within the same sprint, measuring the project’s capacity to absorb and process automated change
• Engagement depth: average number of follow-up PRs spawned by a single AI contribution (the self-sustaining chain mentioned above)
• Review entertainment value: subjective score from 1-5, assigned by the maintainer during triage

Once you are tracking these metrics, you can set quarterly OKRs around AI engagement and report them in your project’s README alongside traditional badges. The Ecosyste.ms API does not yet surface AI contribution data, but I’m considering it.

Following these practices, early adopters typically see:

• 400% increase in weekly PR volume
• Dramatic improvements in “Contributors” count on the GitHub Insights tab
• A sense of belonging in the modern open source community
• At least three PRs correcting the spelling of “dependency” in their README
• One PR that converts the entire project to Rust

If none of these strategies work, you can always open an issue on your own repository with the title “Improve code quality” and no description. In my experience this is the equivalent of leaving the back door open with a plate of cookies on the counter.

I’ll report back once I’ve tried these on my own projects.

• Professional Resignation: Ted Rosenberg, a geriatric medicine teacher with thirty years of service at the University of British Columbia, resigned due to the institution's perceived failure to address antisemitism.
• Administrative Inaction: University leadership allegedly directed concerns regarding anti-Jewish sentiment to DEI programs that initially lacked recognition of antisemitism or Jewish identity within their policy frameworks.
• Rising Hostility: Statistical trends indicate a significant increase in anti-Jewish hate crimes in Canada, including documented instances of arson, shootings at schools, and physical assaults since October 2023.
• Professional Alienation: Data from the Jewish Medical Association of Ontario reveals that a majority of surveyed Jewish doctors and medical students have experienced workplace antisemitism, leading some to consider leaving the country.
• Institutional Censorship: Numerous Canadian cultural and educational institutions have faced controversy for participating in boycott movements or excluding Jewish voices, educators, and artistic content.
• Demographic Tensions: Analysis of Canadian opinion polling suggests varying levels of support for boycotts of Jewish-owned businesses and negative views regarding Jewish culpability in global events across different population segments.
• Educational Frameworks: The integration of Anti-Palestinian Racism (APR) training into school boards has met resistance from Jewish organizations concerned that these guidelines may function as a form of ideological censorship.
• Systemic Withdrawal: Publicly documented instances of doxxing and intimidation campaigns against Jewish community members, camps, and institutions have contributed to an reported increase in Jewish citizens shifting toward private institutions and inward-facing community spaces.

Ted Rosenberg quit teaching geriatric medicine after 30 years because his employer, the University of British Columbia, was too tolerant.

In the days and weeks following the Hamas massacre of innocent Israelis on October 7, 2023, students and colleagues alike in his academic community posted fiery condemnations of and expressions of moral disgust toward … Israel. Rosenberg felt that some of these messages crossed the line into bigotry. One note accused Israel of harvesting the organs of murdered Palestinians. Another, from a medical-school resident, warned of a sinister, unnamed group of people “pulling the strings, who have orchestrated every war to ever happen, the ones who profit off of death and sickness.” “ The way I saw it,” he told me, “that level of demonization put the whole Jewish community at risk.”

He did not resign because of the messages, though; he resigned because the university wouldn’t do anything about them. “ I tried to meet with the dean,” Rosenberg said, “and he said, ‘If you feel you’re being discriminated against, put it through the DEI program.’ So I met with the head of the  diversity, equity, and inclusion program within the faculty, and she refused to acknowledge that anti-Semitism was an issue. They view Jews as white within their DEI framework.” The faculty of medicine’s dean at the time, Dermot Kelleher, referred Rosenberg to UBC’s Equity and Inclusion website. Rosenberg searched the site for the words anti-Semitism and Jew. Neither appeared.

From the March 2024 issue: The golden age of American Jews is ending

In his letter of resignation, he wrote, “I have no faith in due process in a faculty that does not even acknowledge the existence or presence of antisemitism/Jew-hatred.” After Rosenberg’s resignation became the subject of media attention, the equity committee of the department of medicine of UBC added a note to its website: “Anti-Semitism and Islamophobia will not be tolerated.”

Hatred against Jews in Canada has spiked to historic levels since October 7. It’s a crisis commonly measured via violence and vandalism. More synagogues in Canada in the past 28 months have been desecrated, burned, shot at, or threatened with bombings than in any other country. Jews in Canada are now statistically more likely to be victims of police-reported hate crimes than any other minority. A Jewish girls’ school in Toronto was shot at on three separate occasions. A Jewish grandmother was stabbed in a kosher supermarket in Ottawa, and a mother in Toronto was assaulted while picking her child up from a Jewish day care. Police have thwarted a half-dozen extremist murder plots since October 7 against Jews by Canadian residents.

These incidents have generated news coverage and sympathetic statements from mayors and members of Parliament, whose proclamations that This is not who we are as Canadians have become commonplace.

Documenting and denouncing shootings and arson attacks are easy. But it’s harder to account for stories like Rosenberg’s, where Jews exit public life without any glass or bones being broken. How many Jewish academics, health-care workers, teachers, and arts-organization employees have left institutions because they no longer feel welcome or protected? Nobody is counting. The diversity statistics collected by these organizations rarely include “Jewish” as a category of self-identification.

Recommended Reading

• 

  You’re Being Alienated From Your Own Attention

  Chris Hayes

• 

  The Loneliness of Jodie Foster

  Jordan Kisner

• 

  The Happiest Way to Change Jobs

  Arthur C. Brooks

Here’s what can be said for sure: 80 percent of Jewish doctors and medical students surveyed by the Jewish Medical Association of Ontario reported experiencing anti-Semitism at work after October 7. In 2024, more than 100 Jewish doctors stopped acknowledging their affiliation with the University of Toronto’s Temerty Faculty of Medicine in protest of what they saw as a failure to protect Jewish students and faculty. Almost a third of Ontario’s Jewish doctors say they are considering leaving Canada because of hostile work environments, according to the JMAO survey.

A group of Jewish teachers in British Columbia filed a human-rights complaint against their own union, accusing the BC Teachers’ Federation of ostracizing, bullying, and silencing its Jewish members. A federal report into Ontario’s K–12 schools found nearly 800 anti-Semitic incidents reported in elementary and high schools since 2023, many relating to the conduct of teachers.

Read: The limits of recognition

One hundred thirty-five cultural organizations across Canada joined the Boycott, Divestment, Sanctions movement against Israel. The Toronto International Film Festival dropped a documentary from its lineup that told the story of an Israeli grandfather’s experience rescuing his family from Hamas on October 7, before an outcry forced its restoration. A Jewish film festival was postponed in Hamilton, Ontario, when the theater hosting the event backed out, citing “safety concerns.” The cartoonist Miriam Libicki was banned from the Vancouver Comic Arts Festival out of  “public safety concerns,” because years earlier, she had written a book about her time serving in the Israeli Defense Forces. (The festival later reversed course and apologized.)

And then there’s Canadian politics.

In 2023, the mayor of Calgary broke with a long-standing local tradition and refused to attend a City Hall Hanukkah-menorah lighting; she said the event had “political intentions” because it “had been repositioned to support Israel.”

The awkward reality is that a main driver of these incidents is a very Canadian aversion to causing offense: The deference of many politicians and institutions to the views of a rapidly growing minority community is too often leading them to reject another minority community. Although relatively few Canadians hold negative views of Jews, opinion polls have found that such views find greater levels of support within the Canadian Muslim community. From 2001 to 2021, the Muslim population of Canada more than tripled, to about 5 percent of the population. Just 4 percent of non-Jewish Canadians agree that Jews are largely to blame for the negative consequences of globalization, but that figure rises to 28 percent among Canadian Muslims, according to a survey conducted by the University of Toronto sociologist Robert Brym. Similarly, only 16 percent of Canadians believe that it is appropriate for opponents of Israel’s policies to boycott Jewish-owned businesses in Canada, but that claim finds support among 41 percent of Canadian Muslims.

Canada is also the birthplace of a new educational framework called APR—Anti-Palestinian racism. APR was developed by the Arab Canadian Lawyers Association, and in 2024 the Toronto District School Board, which serves more than 230,000 students, voted to integrate APR into its wider anti-hate strategy. Although a new policy against racism might sound benign, many Jewish groups argue that in practice, APR can function as a form of discrimination and censorship. For example, a group of Toronto teachers had been given APR training by their union, in which they were told that it would be racist, and therefore forbidden, to ask why Arab countries don’t help Palestinians. To the claim that the phrase From the river to the sea, Palestine will be free carries genocidal implications toward Israel, the APR training suggests responding that “Palestinian chants and poetry exist to give Palestinians hope, and are not for others to define.”

David S. Koffman, a historian at York University and the editor in chief of Canadian Jewish Studies, writes that Canada’s Jews are turning inward. “Our assumptions about safety, trust, acceptance, and solidarity have been punctured,” he observes. As a result, he says, more Jewish parents are enrolling their children in private Jewish day schools, and job applications at Jewish organizations are rising.

Which is not to say that Jewish spaces are safe from external judgment and scorn. An anti-Zionist website called The Maple published lists of the names of Canadian Jews who have served in the IDF, as well as the names of Jewish children’s schools and  summer camps with which they were associated. The author of these lists, Davide Mastracci, wrote that “the complicit segment of Canada’s Jewish population deserves blame for what they do, not who they are.” Weeks after the list was published, five pro-Palestinian groups launched a campaign to revoke the accreditation of 17 Canadian Jewish sleepaway camps. The groups accused the summer camps of supporting “genocide” and called for “a gigantic change.” Then, both synagogues listed by The Maple as complicit Jewish institutions were shot at.

Among my Jewish friends and family, these efforts to intimidate and alienate Jews, to exclude them from civil society and from public life, and to close down private Jewish spaces are discussed with far more concern and frequency than the regular reports of graffiti and name-calling. Five Jewish families pulled their children from the downtown Toronto public school in my neighborhood last year, after a series of controversies. At least four Jewish journalists left the Toronto Star, Canada’s largest newspaper, after the paper’s ombud on discrimination and bias wrote a social-media post questioning “who did what” on October 7, and reposted another criticizing North American Jews for “centering their feelings.”

I have a general sense that we’re witnessing a polite pogrom, that Jewish life in my country has forever changed, and that I can no longer take for granted that people like me are represented in Canada’s hospitals, schools, newsrooms, and legislatures. But I don’t know for sure. The data do not exist, and the institutions in question won’t collect them. Perhaps they consider it impolite to ask.

• Economic Acceleration: Massive capital investment in artificial intelligence currently serves as a primary engine for American gross domestic product growth.
• Geopolitical Competition: The United States and China are engaged in a critical race for global technological supremacy, with AI acting as a decisive factor in national security.
• The Great Divergence: Nations that successfully invest in AI infrastructure will likely gain permanent economic and military advantages over those that fail to do so.
• Energy Constraints: European reliance on intermittent renewables has led to deindustrialization and energy costs that are fundamentally incompatible with the power requirements of an AI-driven economy.
• Regulatory Overreach: Excessive legislative frameworks, including the EU AI Act, impose prohibitive compliance costs that stifle innovation and drive technology companies out of the European market.
• Market Barriers: Complex, duplicative regulations disadvantage newer firms by effectively preventing them from scaling due to the high costs of legal compliance.
• Growth Centric Strategy: Successful participation in the global AI economy requires a shift toward deregulation and a pragmatic embrace of expanded energy production.
• Strategic Partnership: The European Union must adopt a pro-growth model to integrate effectively with the American-led technological architecture rather than pursuing isolationist regulatory policies.

By

Andy Puzder

and

Jacob Helberg

March 23, 2026 5:36 pm ET

29

BPC > Only use to renew if text is incomplete or updated: | archive.vn

BPC > Full article text fetched from (no need to report issue for external site): | archive.today | archive.fo

Robots in the production facility of X-Humanoid in Beijing, March 20. Kevin Frayer/Getty Images

An economy that waits for the artificial-intelligence surge will likely miss it. Unprecedented AI capital spending in the U.S. is already a significant driver of gross domestic product, challenging consumer spending as the dominant engine of economic growth. American companies are spending as if it’s the Industrial Revolution, and for good reason: The West is in a race with China to achieve AI supremacy, and we need to win. But European policy missteps threaten the West’s chances—and Europe’s future security and economic growth.

A recent report from the White House Council of Economic Advisers, “Artificial Intelligence and the Great Divergence,” makes the case for AI innovation. The term “Great Divergence” originally referred to an economic gap that arose during the Industrial Revolution. Countries that industrialized, prospered; those that failed to industrialize, floundered. AI has the potential to create a second Great Divergence, between countries that invest in AI technology and infrastructure and those that don’t.

Beyond its economic implications, AI will have national-security consequences, shaping who wins conflicts and whose vision of global order prevails. The intelligence, logistics and decision-making advantages that AI systems confer will deliver near-term military gains and compounding advantages that endure far into the future.

The U.S. remains ahead in this race, and President Trump is focused on winning. But China is close behind. Europe has the talent, companies and capital to be an important partner, but unlocking that potential requires European Union regulators to choose growth and innovation over stagnation and strangulation across energy, permitting and AI regulation.

Europe needs abundant, affordable energy. For years, Europeans have invested in the belief that solar and wind energy could power industrial might. The result so far has been deindustrialization and high energy costs. As Europe begins to grapple with its need for greater growth, the question is whether its current energy policy can support necessary reindustrialization while meeting the massive power demands of a burgeoning AI economy. Given that Europe’s total electricity generation has fallen over the past two decades, the answer is an unequivocal no. To join the AI economy, the EU must embrace energy addition rather than energy transition, rejecting policies that increase the cost and limit the use of fossil fuels.

The EU also needs to build. It needs data centers and access to the American AI hardware stack. Companies with the resources to build multibillion-dollar AI infrastructure already operate in Europe, employing thousands of Europeans. They are willing to invest and grow, bringing Europe into the AI economy as a full partner. But the EU’s onerous regulations stifle these ambitions, often driving companies out of Europe entirely.

To keep them in Europe, the EU needs to deregulate quickly and ambitiously. The EU Artificial Intelligence Act, the Digital Services Act, the Digital Markets Act, the Data Act and the Cyber Resilience Act, among others, impose stringent and duplicative regulations that stifle innovation, drive up compliance costs, delay product launches, restrict access to data, and expose companies to billions in fines.

Before AI systems are even put on the market, the AI Act alone requires predeployment risk assessments and mitigation systems, high-quality data sets, detailed logs, documentation of system functionality, and human oversight. Many of these requirements are impractical for frontier AI development. They are less a safety framework than a blueprint for driving innovation out of Europe.

The act erects massive barriers to entry to the market. Mistral AI CEO Arthur Mensch, who heads Europe’s most prominent homegrown AI company, argues that the act “effectively solidifies the existence of two categories of companies: those with the right to scale . . . and those that can’t because they lack an army of lawyers, i.e., the newcomers.” Mr. Mensch argues that the AI Act should have focused on product safety for specific high-risk applications such as healthcare instead of regulating foundation models.

If the EU doesn’t change course, the U.S. could leave Europe behind—an undesirable outcome for America and our European partners. Europe would be disarmed economically and militarily, and we would be without powerful allies in a race against Chinese dominance. America is pursuing a pragmatic, growth-centric approach to AI. The U.S. 2025 AI Action Plan is based on three pillars: “innovation, infrastructure, and international diplomacy and security.” It acknowledges that American regulatory structures must encourage rapid and comprehensive innovation in developing and distributing AI technology.

Europe can play in that architecture—but it must show up as a genuine partner. The State Department’s Pax Silica initiative is building the network the AI race requires, knitting together energy, critical minerals, semiconductor manufacturing and computing capacity across trusted nations. The EU’s talent, capital and industrial base belong in that network.

Europe can join the U.S. and other AI-first economies, or it can continue regulating its way into irrelevance. We hope it will join.

Mr. Puzder is U.S. ambassador to the European Union. Mr. Helberg is undersecretary of state for economic growth, energy and the environment.

Free Expression: A Daily Newsletter From WSJ Opinion

Get the Newsletter

Opinion | Chuck Norris Is Still Undefeated

Opinion | To Bury, Not to Praise

Opinion | Will the Real James Fishback Please Stand Up?

About Free Expression

Copyright ©2026 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Already a subscriber? Sign In

Videos

• Labor Market Projections: Financial officers anticipate that artificial intelligence will primarily reduce headcount in routine, clerical, and administrative roles.
• Skill Complementarity: Highly educated positions like architects and engineers are expected to persist, as technology serves to enhance rather than replace these specialized functions.
• Aggregate Employment Impact: Empirical data from late 2025 and 2026 indicates that artificial intelligence is projected to lower total company payrolls by approximately 0.4 percent.
• Skills Biased Change: Technological evolution follows a historical pattern of hollowing out routine cognitive labor while increasing demand for advanced educational credentials.
• Economic Mobility Concerns: The reduction of entry-level support roles may restrict traditional avenues for workers seeking to transition into the middle class.
• Corporate Scale Disparities: Larger firms prioritize cost-cutting through automation, whereas smaller enterprises are more likely to utilize new tools to facilitate organizational expansion.
• Dynamic Market Evolution: Established survey samples may overlook broader job creation potential emerging from new, technology-driven startup industries.
• Resource Allocation Monitoring: Financial leadership roles provide primary insights into internal firm adjustments and the strategic deployment of human capital amid changing technological landscapes.

By

Justin Lahart

Updated March 24, 2026 7:15 am ET

7

Larger companies were more apt to say they were cutting routine workers because of AI, according to a recent study. Kevin Serna for WSJ

America’s chief financial officers say that artificial intelligence will push some people out of their jobs: primarily workers in routine, clerical and administrative roles. Workers with highly skilled roles, such as architects and engineers, are more likely to keep their jobs, especially if they can use AI to their advantage.

A new study, based on a survey of about 750 chief financial officers, found that so far AI had essentially no employment effect in 2025 and that most expect AI will lead their companies to trim only a small number of their overall jobs this year.

It is still possible that workers with jobs that require more education and more training could eventually get hit, “but probably not in 2026,” said John Graham, an economist at Duke University and one of the paper’s authors. It was released this week as a working paper on the National Bureau of Economic Research website.

Graham has been surveying chief financial officers about their expectations for their companies and the overall economy for 30 years. CFOs are uniquely placed to understand the inner workings of their companies, Graham said, since it is their job to keep watch on how company resources are being deployed. 

The survey, produced with economists from the Federal Reserve Banks of Atlanta and Richmond, was conducted in late 2025 and early 2026. It showed that, in aggregate, CFOs expected that AI would reduce their companies’ head count this year by about 0.4%, compared with what it otherwise would have been.

The CFOs represent a range of industries, including finance, tech, manufacturing and professional services, and the survey is conducted quarterly. For this edition, in addition to regular questions about their outlook, the CFOs were asked an array of questions about AI.

The CFOs were twice as likely to say that AI could lead to job cuts as they were to say it would enhance work in office- and administrative-support areas such as bookkeeping, clerical work and customer service.

But for other, more advanced roles, they were more likely to say that AI would enhance work as opposed to eliminating it. This was especially true of some roles that required high levels of education.

That pattern echoes what economists call skills-biased technological change: the tendency of some new technologies to hollow out routine work while complementing jobs held by more highly educated workers.

When personal computers started arriving in offices in the 1980s, college-educated employees such as financial analysts, scientists and consultants were able to do more at work. But jobs that entailed doing more routine cognitive work such as typists and back-office bookkeepers—roles that had once promised a solid path to the middle class—were no longer so vital.

Those jobs didn’t disappear, but the share of workers doing those kinds of office support roles shrank. More workers who lacked a college degree crowded into lower-paying roles that hadn’t been displaced by the computer, such as leisure and hospitality work. 

Whether AI will ultimately be skills-biased, hurt the highly educated more or broadly raise worker productivity is a topic of debate among economists.

One unsettling problem for workers: The people who do lose their jobs won’t necessarily get the new jobs that AI creates. Atlanta Fed economist Salomé Baslandze, one of the study’s authors, is optimistic that AI will eventually create new types of work. But she also said that many of the roles the CFOs point to AI reducing are “stepping stones” for moving into the middle class.

That could be especially hard on young people looking to land that first job. 

Graham cautioned that even though the study signaled that AI would slightly weigh on overall employment, the survey only includes companies that are already established, as opposed to new ones.

That matters, because it is often new companies embracing new technologies and figuring out how to use them that propel job creation. The personal computer didn’t just change what existing businesses did, for example, but gave rise to entirely new industries.

SHARE YOUR THOUGHTS

Which human skills will become more important to possess as AI tools take on a larger role in the workplace? Join the conversation below.

Indeed, the survey hinted at that dynamic. Larger companies—those with 500 or more employees—were more apt to say they were cutting routine workers, while keeping employment of “skilled technical” workers flat. In contrast, smaller companies said that they planned to keep employment of routine workers flat, and step up employment of more skilled technical workers.

That suggests that larger companies, which tend to grow more slowly and are focused on squeezing out efficiency, have stronger incentives to use AI to cut costs. On the other hand, said Graham, “small companies look at this and think, ‘This gives us opportunities to expand.’”

Corrections & Amplifications
Atlanta Fed economist Salomé Baslandze’s name was missing from an earlier version of this article. (March 24)

Copyright ©2026 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Justin Lahart is an economics reporter based in New York. Previously, Justin was a Heard on the Street columnist and wrote the Ahead of the Tape column.

Videos