🏫 MY COURSES
Sign-up for my FREE 3-Day C Course: https://lowlevel.academy

🧙‍♂️ HACK YOUR CAREER
Wanna learn to hack? Join my new CTF platform: https://stacksmash.io

🔥COME HANG OUT   
Check out my other stuff: https://lowlevel.tv

Low Level Learning

Curl project discontinued its HackerOne bug bounty program due to overwhelming AI-generated false vulnerability reports. Daniel Stenberg and maintainers faced a flood of low-quality submissions with fabricated security issues, including reports about non-existent buffer overflows and use-after-free bugs in unrelated code. The signal-to-noise ratio became unsustainable, with AI-generated reports wasting time that could be spent on legitimate security work. While AI security research tools like Expo show promise when used properly, indiscriminate automated submissions are forcing critical open-source projects to abandon bug bounty programs entirely.

this makes me really upset

<p>I think AI is going to kill open source for this reason but not only. There will be more on more AI generated PR that will ask the maintainer to look through big PR to understand what the change is really about.</p>
