Can open-source survive the onslaught of AI slop?
Briefly

Curl, an essential open-source project, is experiencing an influx of low-quality AI-generated security reports, jeopardizing its bug bounty program's future. Founded by Daniel Stenberg, curl has run this program since 2019 to reward users for finding genuine vulnerabilities, and has paid over $90,000 for 81 confirmed fixes. The rise in nonsensical submissions is exhausting the volunteer security team, with 20 percent of recent reports identified as AI-generated. By July, only 5 percent of all reports had been validated, highlighting the impact of these submissions on operational efficiency.
Daniel Stenberg stated, "does not seem to slow down. On the contrary, it seems that we have recently not only received more AI slop but also more human slop."
The curl bug bounty programme has led to a notable success, with over $90,000 paid out for 81 confirmed security fixes that have made the internet safer.
Read at Developer Tech News