Slashdot

Curl Battles Wave of AI-Generated False Vulnerability Reports

The curl open source project is fighting against a flood of AI-generated false security reports. Daniel Stenberg, curl's original author and lead developer, declared on LinkedIn that they are "effectively being DDoSed" by these submissions. "We still have not seen a single valid security report done with AI help," Stenberg wrote. This week alone, four AI-generated vulnerability reports arrived seeking reputation or bounties, ArsTechnica writes. One particularly frustrating May 4 report claiming "stream dependency cycles in the HTTP/3 protocol stack" pushed Stenberg "over the limit." The submission referenced non-existent functions and failed to apply to current versions. Some AI reports are comically obvious. One accidentally included its prompt instruction: "and make it sound alarming." Stenberg has asked HackerOne, which manages vulnerability reporting, for "more tools to strike down this behavior." He plans to ban reporters whose submissions are deemed "AI slop." Read more of this story at Slashdot.

May 7, 2025 - 19:17
 0
Curl Battles Wave of AI-Generated False Vulnerability Reports
The curl open source project is fighting against a flood of AI-generated false security reports. Daniel Stenberg, curl's original author and lead developer, declared on LinkedIn that they are "effectively being DDoSed" by these submissions. "We still have not seen a single valid security report done with AI help," Stenberg wrote. This week alone, four AI-generated vulnerability reports arrived seeking reputation or bounties, ArsTechnica writes. One particularly frustrating May 4 report claiming "stream dependency cycles in the HTTP/3 protocol stack" pushed Stenberg "over the limit." The submission referenced non-existent functions and failed to apply to current versions. Some AI reports are comically obvious. One accidentally included its prompt instruction: "and make it sound alarming." Stenberg has asked HackerOne, which manages vulnerability reporting, for "more tools to strike down this behavior." He plans to ban reporters whose submissions are deemed "AI slop."

Read more of this story at Slashdot.

Read More

Tags:

Previous Article

Google confirms Android 16's useful new battery health tools will skip older Pix...

Next Article

Uber-rival BluSmart investors propose resolution with $30M backing for its revival

Related Posts

Apple Removes 'Available Now' Claim from Intelligence Page Following NAD Review

Apple Removes 'Available Now' Claim from Intelligence P...

Apr 22, 2025  0

Amazon CEO Jassy Warns of AI's Unprecedented Adoption Speed, Education Shortfalls

Amazon CEO Jassy Warns of AI's Unprecedented Adoption S...

May 1, 2025  0

Amazon Has Paused Some Data Center Lease Commitments, Wells Fargo Says

Amazon Has Paused Some Data Center Lease Commitments, W...

Apr 21, 2025  0