"Recently I've noticed an uptick in extremely low-quality, spammy, and LLM-hallucinated security reports to open source projects," he wrote, pointing to similar findings from the Curl project in January. "These reports appear at first glance to be potentially legitimate and thus require time to refute."
Daniel Stenberg noted, "We receive AI slop like this regularly and at volume. You contribute to [the] unnecessary load of Curl maintainers and I refuse to take that lightly and I am determined to act swiftly against it."
Larson argued that low-quality reports should be treated as if they're malicious, stressing the need for bug hunters to rely less on AI-generated submissions.
Collection
[
|
...
]