Google is banning AI-generated submissions to its Open Source Software Vulnerability Reward Program due to low-quality reports filled with hallucinations and low-impact bugs. To filter noise, Google now requires higher-quality proof such as OSS-Fuzz reproductions or merged patches. Meanwhile, the Linux Foundation is also overwhelmed by AI-generated bug reports and has secured $12.5 million in funding from Google, Anthropic, AWS, Microsoft, and OpenAI. The funds, managed by Alpha-Omega and the Open Source Security Foundation, will provide AI tools to help open-source maintainers triage and process the surge of AI-generated security submissions.

From infoworld.com