How would you decide what is the middle ground though? If a project allows some AI-generated PR if its good quality, then it is a burden on the reviewer on what is considered good or not.
You can introduce a social/trust element to it, something like: Join our Discord, chat to us, come to our "office hours" video calls first, then you get to contribute.
Maybe also limit the size/scope of external contributions (only small bug fixes allowed for your first few PRs)