Navigating the Rising Tide of AI Slop in Open-Source Vulnerability Reporting
Daniel Stenberg, the founder of the curl utility, faces a growing challenge: an influx of low-quality bug reports generated by AI tools—dubbed “AI slop.” Over the past year, the percentage of unverified submissions has surged, complicating the bug bounty framework and overwhelming the curl maintenance team.
Key Insights:
- AI Slop Surge: In 2025, nearly 20% of submissions are bogus, with a mere 5% turning out genuine.
- Emotional Toll: Stenberg laments the time wasted on poorly crafted reports, affecting team morale and efficiency.
- Policy Changes: The team might need to reconsider their bug bounty program, which has awarded over $90,000 since 2019.
Stenberg emphasizes the need to curb AI misuse, stating, “You should check all facts before passing on reports.”