
The project developer for one of the Internet’s most popular networking tools is scrapping its vulnerability reward program after being overrun by a spike in the submission of low-quality reports, much of it AI-generated slop.

“We are just a small single open source project with a small number of active maintainers,” Daniel Stenberg, the founder and lead developer of the open source app cURL, said Thursday. “It is not in our power to change how all these people and their slop machines work. We need to make moves to ensure our survival and intact mental health.”

panda_abyss@lemmy.ca 13 points 2 weeks ago

This is more on morons than AI.

To paraphrase Chuck McGill, AI is like giving a chimp a machine gun.

Avicenna@programming.dev 1 points 2 weeks ago

Seems like this became a big problem for open source maintainers. Not just people submitting AI-generated wrong bug reports but also then answering back with LLM too. So whereas it might take a maintainer 5 mins to read a reply and come up with a response, it takes the submitter about a couple of seconds. Going for a few cycles, take about half 10-20 mins per report from your volunteering time. They really eat up people's bandwidth. And spotting such bug reports just from the language alone will likely become harder and harder.

this post was submitted on 23 Jan 2026
161 points (97.1% liked)