literally the dumbest thing I've ever read


A security researcher submitted a fake vulnerability report claiming to have found a critical buffer overflow in curl's cookie parsing mechanism. The report was generated using AI and contained a proof-of-concept that didn't actually call any curl functions, instead triggering a basic C string overflow in their own test code. Daniel Stenberg, curl's maintainer, quickly identified the report as AI-generated nonsense and closed it as invalid. This incident highlights the growing problem of AI-generated spam in bug bounty programs, wasting maintainers' time with false vulnerability reports.
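A first-pass triage check for the failure mode described above, as an added example that is not from the video or the curl project: it tests whether a submitted C proof-of-concept actually calls any `curl_`-prefixed function or only overflows a buffer in its own code. The function names, verdict labels and sample PoC are assumptions constructed for illustration, and the check is a heuristic that does not replace reading the report.

```python
import re

# Constructed sample: a "PoC" in the style the summary describes. It includes
# the curl header, but the overflow happens in its own strcpy call.
SAMPLE_POC = r'''
#include <stdio.h>
#include <string.h>
#include <curl/curl.h>

/* claims to exercise curl_easy_perform() cookie parsing */
int main(void) {
    char cookie[16];
    const char *input = "Set-Cookie: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    strcpy(cookie, input);   // overflow is here, in the test program
    printf("curl_easy_setopt was never called: %s\n", cookie);
    return 0;
}
'''

# libc calls that commonly produce a crash with no library involvement
UNSAFE_LIBC = {"strcpy", "strcat", "sprintf", "vsprintf", "gets"}

def strip_comments_and_strings(src):
    """Blank out comments and literals so names mentioned in them do not count."""
    pattern = r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\''
    return re.sub(pattern, " ", src, flags=re.S)

def triage_poc(src):
    """Classify a PoC by which functions it really calls (hypothetical helper)."""
    code = strip_comments_and_strings(src)
    calls = re.findall(r'\b([A-Za-z_]\w*)\s*\(', code)
    curl_calls = sorted({c for c in calls if c.startswith("curl_")})
    unsafe = sorted({c for c in calls if c in UNSAFE_LIBC})
    if curl_calls:
        verdict = "calls-libcurl"            # worth building and running
    elif unsafe:
        verdict = "self-inflicted-overflow"  # crash is in the reporter's code
    else:
        verdict = "no-libcurl-calls"
    return {"curl_calls": curl_calls, "unsafe_libc_calls": unsafe, "verdict": verdict}

if __name__ == "__main__":
    print(triage_poc(SAMPLE_POC))
```
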

10m watch time