The CURL Project Drops Bug Bounties Due To AI Slop

January 26, 2026 by Maya Posch 44 Comments

Over the past years, the author of the cURL project, [Daniel Stenberg], has repeatedly complained about the increasingly poor quality of bug reports filed due to LLM chatbot-induced confabulations, also known as ‘AI slop’. This has now led the project to suspend its bug bounty program starting February 1, 2026.

Examples of such slop are provided by [Daniel] in a GitHub gist, which covers a wide range of very intimidating-looking vulnerabilities and seemingly clear exploits. Except that none of them are vulnerabilities when actually examined by a knowledgeable developer. Each is a lengthy word salad that an LLM churned out in seconds, yet which takes a human significantly longer to parse before dealing with the typical diatribe from the submitter.

Although there are undoubtedly still valid reports coming in, the truth of the matter is that the ease with which bogus reports can be generated by anyone who has access to an LLM chatbot and some spare time has completely flooded the bug bounty system and is overwhelming the very human developers who have to dig through the proverbial midden to find that one diamond ring.

We have mentioned before how troubled bounty programs are for open source, and how projects like Mesa have already had to fight off AI slop incidents from people with zero understanding of software development.

Hackaday Links: December 8, 2024

December 8, 2024 by Dan Maloney 14 Comments

For some reason, we never tire of stories highlighting critical infrastructure that’s running outdated software, and all the better if it’s running on outdated hardware. So when we learned that part of the San Francisco transit system still runs on 5-1/4″ floppies, we sat up and took notice. The article is a bit stingy with the technical details, but the gist is that the Automatic Train Control System was installed in the Market Street subway station in 1998 and uses three floppy drives to load DOS and the associated custom software. If memory serves, MS-DOS as a standalone OS was pretty much done by about 1995 — Windows 95, right? — so the system was either obsolete before it was even installed, or the 1998 instance was an upgrade of an earlier system. Either way, the San Francisco Municipal Transportation Agency (SFMTA) says that the 1998 system due to be replaced originally had a 25-year lifespan, so they’re more or less on schedule. Replacement won’t be cheap, though; Hitachi Rail, the same outfit that builds systems that control things like the bullet train in Japan, is doing the job for the low, low price of $212 million.

Continue reading “Hackaday Links: December 8, 2024” →

Hackaday

libcurl

2 Articles

The CURL Project Drops Bug Bounties Due To AI Slop

Hackaday Links: December 8, 2024

Search

Never miss a hack

If you missed it

Building Natural Seawalls To Fight Off The Rising Tide

Ask Hackaday: How Do You Digitize Your Documents?

The Amazing Maser

Zombie Netscape Won’t Die

Does Carbon Fiber PLA Make Sense?

Our Columns

Secret Ingredients

Hackaday Podcast Episode 355: Person Detectors, Walkie Talkies, Open Smartphones, And A WiFi Traffic Light

Did We Overestimate The Potential Harm From Microplastics?

FLOSS Weekly Episode 862: Have Your CAKE And Eat It Too

The Fancy Payment Cards Of Taiwan

Search

Never miss a hack

Subscribe

If you missed it

Our Columns