AI generated code in the Defold Game Engine codebase

Hello Fellow Defold community members.

I know that this might be a heated topic. Also, I’m not sure if this is the correct category for this topic.

Many developers talk about using AI generated content and code in their projects. Many developers avoid using AI tools at all. I have rarely seen developers discussing the state of AI code and content in the tools that they use.

In the case of a game engine, if the engines codebase includes AI generated code, whether you are pro-AI or anti-AI, you are shipping a product with Ai generated code that you might not be aware of.

I understand that a project as large as the Defold game engine might not be able to vett all code submitted or dependencies that are used.

I will state that I am against the use of AI generated content. Content such as images, assets, audio, and code. I find the current state of AI generated content to be unethical at the moment.

Having been advised that from a legal position, considering the current legal status of AI generated content, that shipping a commercial product with anything generated by AI is a risk.

Another point that has been raised with me is in regards to Steams AI disclosure. If you create a game with a game engine that contains AI generated code, would you be required to disclose the use of AI generated content on Steam? If you don’t know if it contains AI generated code, how can you make that disclosure?

Should the Defold Foundation make their position on AI generated code being contributed to the codebase easily discoverable?

Does anyone not contributing to the codebase know if AI generated code is permitted?

There may be many developers that never go to the GitHub repository, so they might never know what the position on AI generated code submissions is.

I understand that this might be controversial, but I believe that transparency is important.

Also, I would not want to see Defold be damage if future legal cases determine that AI generated code violate licenses or copyright laws.

I hope that this can form a constructive discussion in the community.

Regards,

AcidicWombat.

I do agree that the topic of AI is controversial, but I also do not feel we should shy away from having such conversations in the open. Thank you for bringing this up for discussion!

The Defold game engine consists of not only the engine itself, but also several other “products” or “components” such as the editor, the command line tools and the build servers. All of these “components” have third party dependencies to a long list of open source projects (defold/COMPLYING_WITH_LICENSES.md at dev · defold/defold · GitHub). We can not know if AI generated code is used in any of these dependencies.

Perhaps in the future there will be a “Certified Original Code” labelling to tell developers if a code base is fully original without even a single line of AI generated code.

We are discussing this internally but have not decided how to proceed. How should we communicate whichever stance we take on AI generated code? We should at the very least put something in the Contributor Guidelines. What are others doing?

For external contributors we do require them to sign our CLA which among other things state “You represent that each of Your Contributions is Your original creation”. The question is still how we would know if it is an original creation or AI generated code?

As for our own use of AI there is some. From time to time we use Codex to assist with tasks such as:

• Analyse pull requests to find weaknesses. In such cases the reviewer and author of the PR will evaluate the findings and decide if the analysis is accurate and if the PR author should adress the findings or not.
• Analyse reported issues and suggest possible root causes. This initial analysis can be a good starting point for a developer when fixing a bug.
• Generate test data
• For repetitive and mundane tasks. Two examples which spring to mind are 1) when we extract hardcoded strings in the editor so that we can localize them and 2) when we migrate WAF build scripts to CMake.
• Data processing for presentation in internal and external form, such as defold.com/build-size

We do not let Codex or other AI services run wild in the codebase or solve hard technical problems which require careful design and implementation. We put a lot of pride in the quality of the Defold code base and our focus on engine size and performance would not be possible to maintain if we let go of control over the code we write.

I have the feeling that this ship has already sailed. A huge number of companies have already gone all in on AI generated code. Will it even be possible to roll back? And soon enough it won’t even be possible to tell what’s what anymore…

Great thread, transparency on this topic is important and I mostly align with @AcidicWombat only slightly stronger in that direction.

I believe that that AI companies and promoters are relying on that becoming the accepted way of thinking. Seeing how legislators work, I wouldn’t be surprised if they make laws that would protect the industries that have already invested heavily in AI in their systems. As the saying goes, it is easier to ask for forgiveness than to get permission.

If my understanding is correct, and I could be wrong, the closest we have to any legal status regarding AI generated content is from the US copyright office. Their position is that AI generated content is in the public domain because only content generated by a human being can be copyrighted.

I doubt that large corporations and companies will want that to stay as the status quo. If Microsoft said that 100 percent of Windows code is generated by AI, then Windows would be in the public domain.

That is a good point. I’m not sure how that will play out. Will codebases have to be nuked and everything started again? Will everything need to be audited? If legislators decide that it would be unfair to require code to be cleaned and therefore we pretend copyright laws just don’t apply, are projects that kept their code clean being unfairly punished?

I might have broken up your last paragraph a bit awkwardly to reply.

I understand that things will not be able to be resolved cleanly in the world regarding this topic.

I hope my replies made sense.

I agree that transparency and legal clarity matter. Where I disagree is the framing: “AI-generated code in the engine” isn’t a meaningful category in the way “AI-generated art/audio” can be.

In software, the important question is not what tool produced the first draft of a function, but who takes responsibility for correctness, licensing, and long-term maintenance. Code is an implementation of an algorithm. Most code we write is already a remix of known patterns: bubble sort is bubble sort whether it was typed by a human, suggested by an IDE, copied from a book, or proposed by an LLM. The real risk is unreviewed / unverified / improperly licensed code entering the codebase - and that risk exists with or without AI.

That’s why I don’t think an “AI code” label solves the problem:

• It’s not enforceable. You can’t reliably detect whether a contributor used an LLM, autocomplete, or copied a snippet and rewrote it. And you definitely can’t audit transitive dependencies.

• It’s not predictive of quality. “AI-assisted” code can be excellent if it’s reviewed, tested, and owned by maintainers - and human-written code can be terrible if it isn’t.

• It distracts from the real control points: contribution standards, code review, tests, and licensing compliance.

If the goal is practical risk management, a better approach (in my opinion) is:

1. Keep the focus on the existing requirement that contributors must have the right to submit what they submit.

2. Treat AI assistance like any other source of suggested code: acceptable only if the contributor understands it, can maintain it, and it passes normal review/testing.

3. Communicate this in contributor guidelines as a process/ownership standard - not as a “tag lines of code” policy.

On the Steam disclosure angle: Steam’s survey is about what your shipped product contains and whether it meets Valve’s rules (non-infringing, consistent with marketing, etc.). Turning that into “you must prove your engine and every dependency contains zero AI-touched code” would be impossible for basically everyone.