Personally I just stopped accepting public contributions entirely. File issues, sure, but no PRs apart from accounts I added who have contributed before the slopageddon started.
Maybe the whole web-of-trust idea will make a comeback for code contributions, it seems like a clean solution.
I think the comparison to email spam is apt. The answer to that problem was automated spam filters.
Imagine the difficulty you might find interacting with the world if your inbox was set up such that all emails not literally written by a human were auto-deleted. No account recovery, no receipts, etc. Individuals might choose to do that for themselves but it's not the general case answer.
For example, a github cicd automerge pipeline is still good.
LuaJIT has operated this way since 2012, though with a thanks and mention in the commit message. It seems like a good way to filter out people who prioritizes leveling up their github profiles.
Something a little bit similar, when I was hosting a social game server we had mods. And players always beg for mod status. At first I tried naming the admin group something weird like sandals, but eventually people would ask if they could be sandals too.
What worked best in the end was just hiding it completely making regular players see mods as other regular players. (mods would see who is a mod though)
I would also personally never make someone who asks a mod as it's almost always a sign of wanting power for the sake if it. I would instead just passively observe behavior until I trusted the player and make them a mod. I would then tell them that I don't expect them to exercise their power, but would demote if I see abuse of power.
Some can fix real issues, with a well targeted fix (not rewriting the world), well defined test and write up. If you accepted PRs before for other issues, you should be able to review and accept those too.
The other part of the litmus test is "does the person submitting actually understand what they're submitting and why" - which is arguably not required for PRs that you'd otherwise accept, but since you have to put time and effort into determining whether a given contribution is ok to merge, it's common decency for the submitter to have done a self review first (AI or no AI)
If even a preponderance of AI driven contributions were good, there wouldn't be blog posts and announcements making HN's front page daily about how various OSS projects and/or prominent figures were figuring out how to filter them/exclude them entirely.
If AI code was good, there wouldn't be such a thrust among so many varying communities to remove it, or ignore it.
There is, because it isn't, and because maintainers are getting fed up with it. There are good PR's just like there are emails that aren't spam that get caught in spam filtering, but spam filtering is still the default position because to allow it all is onerous to the people involved.
Okay, who is going to wade through the noise to find the signal? You?
I mean, sure, I have to make the final determination. But you should not be sending me uncurated slop.