Open source project curl is sick of users submitting "AI slop" vulnerabilities
a year ago
- #AI Misuse
- #Open Source
- #Security
- Daniel Stenberg, the lead of the curl project, expressed frustration over AI-generated bug reports flooding their channels.
- curl, a 25-year-old open-source tool, uses HackerOne for vulnerability reports, but AI-generated submissions have become problematic.
- Stenberg announced that suspected AI-generated reports will require verification, and if a report is confirmed to be AI-generated, the reporter will be banned.
- A recent AI-generated report claimed a novel HTTP/3 exploit in curl, but the submission contained errors and irrelevant details.
- The submitter failed to provide a valid patch, cited non-existent functions, and gave irrelevant hardening advice.