Spamming Devs With AI GIGO To Claim A Bounty Makes You A Bad Person
First they came for Python, bombarding the developers with AI-generated bug reports which are utter garbage, in the hopes of getting a bug bounty. Now opportunistic people with little to no expertise in programming are bombarding Curl project founder Daniel Stenberg with crap AI-generated vulnerability reports for Curl. This is a huge problem because it takes seconds to feed code into an LLM so that it can hallucinate a bug, but it takes hours or days to test the code to check the veracity of the bug report. This not only annoys the developers, it means that valid Curl bug reports are buried in an avalanche of utter dreck.
Curl offers a bounty of up to $9,200 for a valid report, which is what has triggered this mendacious behaviour and is why Daniel has stated, “We now ban every reporter instantly who submits reports we deem AI slop.”
Friends don’t let friends DDoS open source developers with LLM-hallucinated bug reports!