Curl: We still have not seen a single valid security report done with AI help

a year ago
  • #AI
  • #OpenSource
  • #Security
  • Daniel Stenberg, the curl CEO, is implementing strict measures against AI-generated security reports in curl's HackerOne program.
  • Reporters must now declare if they used AI to find or generate their submission, with follow-up questions if they did.
  • Reporters who submit what is deemed 'AI slop' will be banned instantly, as these reports are overwhelming the triage process.
  • The idea of requiring a small deposit from researchers, refundable only if the report is valid, is being considered to reduce noise.
  • There's a discussion on whether public bug bounty programs are still viable in the age of AI-generated attacks.
  • Suggestions include HackerOne implementing identity verification and a point system to penalize repeat offenders of low-quality submissions.
  • The issue reflects broader concerns about the sustainability of handling AI-generated content and attacks in tech security.