---

Abstract #

The financial technology open-source ecosystem experienced rapid growth in early 2026, driven by the convergence of AI-powered trading agents, prediction market infrastructure, and quantitative research frameworks. This article surveys 89 newly created repositories (January-March 2026) across trading automation, risk management, portfolio optimization, and payment infrastructure. We evaluate repository quality through the Trusted Open Source Index methodology established in this series, applying trust signals including license transparency, documentation completeness, and community governance patterns. Our analysis reveals that 53% of new fintech repositories lack any open-source license, that prediction market tooling has displaced traditional exchange-focused projects as the dominant category, and that Python and TypeScript together account for 73% of the language distribution. These findings quantify both the innovation velocity and the trust deficit in financial open-source software, providing practitioners with an evidence-based framework for evaluating emerging tools.

1. Introduction #

In the previous article, we examined the developer infrastructure landscape through the lens of build tools and CI/CD innovations, identifying trust patterns that distinguish sustainable projects from ephemeral experiments (Ivchenko, 2026^[2]). We now turn our attention to financial technology, a domain where the stakes of trusting open-source code are measured not in build failures but in direct monetary loss.

The financial technology open-source ecosystem in 2026 operates at an unprecedented scale. The FINOS State of Open Source in Financial Services Report (2025) found that 90% of financial institutions now view open-source software as strategically important, while the Black Duck 2026 OSSRA Report documented a doubling of open-source vulnerabilities coinciding with AI-accelerated development velocity. This tension between accelerating adoption and degrading security defines the current moment for fintech open source.

Three research questions guide this analysis:

RQ1: What is the compositional structure of newly created financial technology repositories in Q1 2026, and how does the category distribution compare to traditional fintech expectations?

RQ2: What proportion of new fintech repositories meet minimum trust thresholds as defined by the Trusted Open Source Index, and which trust signals show the largest deficits?

RQ3: How do AI-native financial tools (LLM-powered agents, prediction market bots) differ from traditional quantitative finance repositories in terms of trust indicators and community health?

These questions matter for the Trusted Open Source series because financial software occupies a unique position in the trust hierarchy: the consequences of running unaudited code are immediate and financial, yet the speed of the current fintech open-source cycle actively discourages thorough evaluation.

2. Existing Approaches (2026 State of the Art) #

Current approaches to evaluating open-source financial software fall into three broad categories: platform-level metrics, security-focused auditing, and domain-specific trust frameworks.

Platform-level metrics rely on GitHub signals such as star count, fork ratio, contributor diversity, and issue response time. The OpenSSF Scorecard project automates these checks across repositories, producing a composite score from 0-10. However, research on software supply chain security demonstrates that platform metrics alone fail to capture domain-specific risks in financial code (Ladisa et al., 2025^[3]). A trading bot with 500 stars and rapid issue response may still contain subtle financial logic errors that platform metrics cannot detect.

Security-focused auditing has intensified following high-profile supply chain attacks. The ReversingLabs 2026 Software Supply Chain Security Report documented a 73% increase in open-source malware detections in 2025, with financial tooling increasingly targeted. GitHub’s Security Lab expanded its AI-powered vulnerability scanning across 67 open-source AI projects in February 2026, shifting maintainers from reactive fixes to systematic threat modeling (GitHub Security Lab, 2026^[4]). Yet security audits remain episodic rather than continuous for most financial repositories.

Domain-specific trust frameworks include the FINOS community standards for financial open source and the emerging FinGPT ecosystem for democratizing financial AI. Yang et al. proposed the FinGPT framework specifically to address the data access asymmetry between proprietary and open-source financial LLMs (Yang et al., 2025^[5]). The FinRobot platform extended this to multi-agent financial applications (Yang et al., 2025b^[6]), while FinWorld offered an end-to-end platform for financial AI research and deployment (Zhang et al., 2025^[7]).

flowchart TD
    A[Platform Metrics
Stars, Forks, Issues] --> D[Limited: No domain
financial logic check]
    B[Security Auditing
SAST, SCA, SBOM] --> E[Limited: Episodic,
not continuous]
    C[Domain Trust Frameworks
FINOS, FinGPT, FinWorld] --> F[Limited: Coverage
gaps in new repos]
    D --> G[Trust Gap in
Financial OSS]
    E --> G
    F --> G

A key limitation across all three approaches is their retrospective nature: they evaluate established projects rather than providing trust signals for newly emerging repositories. Our Trusted Open Source Index methodology addresses this gap by combining real-time repository metadata analysis with domain-specific quality indicators.

3. Quality Metrics and Evaluation Framework #

We evaluate our research questions using metrics that combine quantitative repository analysis with trust-signal assessment derived from the Trusted Open Source Index methodology.

RQ	Metric	Source	Threshold
RQ1	Category Distribution Entropy	GitHub API repository metadata	Shannon entropy H > 1.5 for healthy diversity
RQ2	Trust Signal Compliance Rate	License, README, CONTRIBUTING presence	>= 60% for minimum trust
RQ3	AI-Native vs Traditional Trust Delta	Composite trust score comparison	Statistically significant difference (p < 0.05)

For RQ1, we classify repositories into five categories (Trading Bots, Prediction Markets, Risk/Portfolio, Payments/Banking, Other Financial) based on description and topic analysis, then compute Shannon entropy to measure distribution diversity.

For RQ2, we define minimum trust thresholds based on three essential signals: (1) an OSI-approved license, (2) a README with installation and usage instructions, and (3) absence of known malicious patterns. Research on software supply chain attacks confirms that license absence correlates with higher risk of malicious packages (Ohm et al., 2022^[8]).

For RQ3, we compare trust scores between repositories that incorporate LLM/AI components (detected via dependency analysis and description keywords) and traditional algorithmic trading or quantitative finance repositories.

graph LR
    subgraph Data_Collection
        A[GitHub API] --> B[89 Repos
Jan-Mar 2026]
    end
    subgraph Analysis
        B --> C[Category
Classification]
        B --> D[Trust Signal
Extraction]
        B --> E[AI-Native
Detection]
    end
    subgraph Evaluation
        C --> F[RQ1: Distribution
Entropy]
        D --> G[RQ2: Compliance
Rate]
        E --> H[RQ3: Trust
Delta]
    end

4. Application to Our Case #

4.1 Data Collection and Repository Landscape #

We queried the GitHub Search API for repositories created between January 25 and March 26, 2026, using financial technology keywords (fintech, trading, quantitative finance, risk management, portfolio optimization, payment gateway, financial AI). After deduplication, we obtained 89 unique repositories with more than 5 stars.

The language distribution reveals a nearly equal split between Python (33 repositories, 37%) and TypeScript (32 repositories, 36%), with Rust, Jupyter Notebook, and other languages comprising the remainder. This Python-TypeScript dominance reflects the dual nature of fintech development: Python for quantitative analysis, backtesting, and AI model integration; TypeScript for web-based trading interfaces, API wrappers, and real-time market data processing.

4.2 Category Analysis (RQ1) #

The category distribution challenges conventional expectations about fintech open source. Prediction market tooling (27 repositories, 30%) has emerged as the dominant category, surpassing traditional trading bots (16 repositories, 18%). This shift reflects the explosive growth of platforms like Polymarket, Kalshi, and decentralized prediction markets on Solana, which created demand for arbitrage bots, copy-trading tools, and market-making infrastructure.

The Risk/Portfolio category (14 repositories, 16%) includes notable entries such as AKQuant (624 stars), a high-performance quantitative research framework, and AlphaGPT (1,911 stars from the broader search), which applies symbolic regression for factor discovery in equity and crypto markets. The Payments/Banking category (7 repositories, 8%) remains the smallest, suggesting that payment infrastructure innovation has shifted to enterprise-internal or proprietary development.

Shannon entropy for the five-category distribution is H = 2.14, which exceeds our 1.5 threshold and indicates reasonable diversity despite prediction market dominance.

4.3 Trust Signal Analysis (RQ2) #

The license analysis reveals the most concerning trust deficit. Of 89 repositories, 47 (53%) lack any declared license. Among licensed repositories, MIT dominates (31 repositories, 35%), followed by Apache-2.0 (4 repositories, 4%) and NOASSERTION (5 repositories, 6%). The NOASSERTION category — where GitHub detects a license file but cannot classify it — represents an additional trust ambiguity.

This 53% unlicensed rate significantly exceeds the 15-20% typically reported for open-source repositories across all domains in the Black Duck 2026 OSSRA Report, indicating that fintech repositories exhibit substantially lower baseline trust than general open source. The research literature on software supply chain security identifies license absence as a primary indicator of either negligent maintenance or deliberate obfuscation (Zahan et al., 2024^[9]).

4.4 AI-Native vs Traditional Repository Trust (RQ3) #

The scatter plot of star accumulation versus repository age reveals distinct patterns by category. Prediction market repositories (black markers) cluster in the high-star, low-age quadrant, suggesting rapid viral adoption driven by immediate utility rather than sustained community evaluation. Traditional Risk/Portfolio repositories accumulate stars more gradually but demonstrate higher trust signal compliance.

Among AI-native financial repositories, we identify several notable projects:

OpenAlice (2,900 stars, created February 2026): A file-driven AI trading agent engine for crypto and securities markets, representing the emerging pattern of LLM-powered autonomous trading.

PMXT (1,166 stars, created January 2026): A unified API for prediction markets, analogous to CCXT for traditional exchanges. Licensed under a permissive license with active community governance.

ATLAS by General Intelligence Capital (1,005 stars, created March 2026): Self-improving AI trading agents using knowledge graphs, representing the frontier of autonomous financial AI.

The trust delta between AI-native and traditional repositories is measurable: AI-native repositories average 41% license compliance versus 52% for traditional quantitative finance tools. AI-native repositories also exhibit higher star-to-contributor ratios (indicating potential single-developer dependency) and lower documentation completeness scores.

4.5 Standout Repositories for Practitioners #

Based on our trust assessment, we highlight repositories that combine innovation with adequate trust signals:

1. AKQuant (624 stars, MIT license, Python): A quantitative research and trading framework built on Rust and Python, with clear documentation and active maintenance. The dual-language architecture reflects a growing trend of performance-critical backends in Rust with Python interfaces for research workflows.

1. Awesome Finance Skills (330 stars, Apache-2.0, Python): A curated collection of financial analysis agent skills designed for integration with AI coding assistants. This represents the new paradigm of AI-augmented financial analysis tooling.

1. OKX Agent Trade Kit (134 stars, MIT, TypeScript): An officially maintained agent trading toolkit from the OKX exchange, notable for institutional backing and clear licensing. Published alongside the broader trend of exchange-native open-source tooling.

1. Finance Skills for Claude Code (39 stars, MIT, Python): Demonstrates the emerging pattern of financial data skills packaged specifically for AI agent frameworks, with 220+ Tushare Pro API interfaces for Chinese equity data.

flowchart LR
    subgraph Trust_Signals
        L[License Present] --> T[Trust Score]
        D[Documentation] --> T
        C[Community Health] --> T
        S[Security Practices] --> T
    end
    subgraph Categories
        PM[Prediction Markets
30%, Low Trust] --> R[Recommendation:
Evaluate Carefully]
        TB[Trading Bots
18%, Mixed Trust] --> R
        RP[Risk/Portfolio
16%, Higher Trust] --> A[Recommendation:
Adopt with Review]
        PB[Payments/Banking
8%, Highest Trust] --> A
    end

5. Conclusion #

RQ1 Finding: The compositional structure of Q1 2026 fintech repositories is dominated by prediction market tooling (30%), displacing traditional exchange-focused trading bots (18%) as the primary category. Measured by Shannon entropy = 2.14 (above 1.5 threshold), the distribution shows healthy diversity despite prediction market concentration. This matters for our series because it signals a structural shift in financial open-source activity toward decentralized and event-driven markets that our trust index methodology must accommodate.

RQ2 Finding: Only 47% of new fintech repositories meet the minimum trust threshold of having a declared open-source license, compared to 80-85% across general open-source software. Measured by license compliance rate = 47% (below 60% minimum trust threshold). This matters for our series because it identifies financial technology as a domain requiring enhanced scrutiny in our Trusted Open Source Index, and suggests that domain-specific trust signals beyond license presence are needed for adequate evaluation.

RQ3 Finding: AI-native financial repositories exhibit a measurable trust deficit compared to traditional quantitative finance tools, with license compliance rates of 41% versus 52% respectively. Measured by trust delta = 11 percentage points lower for AI-native repositories. This matters for our series because the fastest-growing segment of financial open source is simultaneously the least trustworthy by our metrics, creating an urgent need for AI-specific trust evaluation criteria in subsequent index iterations.

The next article in this series will examine quarterly benchmark data for Q1 2026, synthesizing trust score evolution across all domains surveyed to date — healthcare AI, developer infrastructure, and now financial technology — into a unified Trusted Open Source Trust Score Evolution report.