Curl maintainer: AI security reports are no longer slop
4 days ago
- #security
- #open-source
- #AI
- Security report frequency has doubled since 2025, surpassing pre-AI levels.
- Report quality is higher, with 15-16% confirmed as vulnerabilities.
- AI is now used in almost every security report, improving detail and duplication.
- Multiple open-source projects (e.g., Apache httpd, curl, Firefox) confirm similar trends.
- The curl project expects a record number of CVEs in 2026, potentially around 50.
- AI tools are finding long-standing bugs, reducing future vulnerabilities and attack surfaces.
- Maintainers face overload, but early bug detection may improve coding standards.
- Software complexity must be managed to prevent new bugs despite AI advancements.