Los Angles Wire


AI is drowning software maintainers in junk security reports

May 20, 2026  Twila Rosenbaum

AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. The influx of automated findings is reshaping the security landscape, but not for the better. From the Linux kernel to open-source utilities like cURL, projects large and small are struggling to separate signal from noise.

Linus Torvalds, the Linux kernel’s creator, recently stated that the flood has made the project’s security mailing list “almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools.” His frustration echoes across the industry. The problem is not that AI is useless for security research—it is that the barrier to entry has dropped so low that anyone can run a tool and submit a report without understanding the underlying code or context.

Too many duplicates, and too much AI slop

“If you found a bug using AI tools, the chances are somebody else found it too,” Torvalds wrote in the note accompanying the latest Linux kernel release candidate. He urged researchers to do more than just run automated scans. “If you actually want to add value, read the documentation, create a patch too, and add some real value on top of what the AI did. Don’t be the drive-by ‘send a random report with no real understanding’ kind of person.”

Jarom Brown, Senior Product Security Engineer at GitHub, acknowledged last week that while AI lowering the barrier to entry for security research is a welcome development, his team is being inundated by submissions that fail to demonstrate any real security impact. These include reports without a proof of concept, theoretical attack scenarios that don’t hold up under scrutiny, and findings already covered by GitHub’s published ineligible list. The result is a triage nightmare. Brown noted that the volume of noise has forced GitHub to require submitters to validate AI-assisted findings before sending them in, and to include a working proof of concept showing concrete exploitation potential. Reports covering known ineligible categories are now closed as Not Applicable, which may impact a submitter’s HackerOne Signal and reputation.

GitHub is not alone. “Programs across the industry are grappling with the same challenge, and some have shut down entirely,” Brown said. The situation has become so severe that even bug bounty platforms like HackerOne and Bugcrowd are struggling to keep up. They are deploying their own AI filters and adding manual controls, but the deluge continues. The collateral damage extends beyond the programs themselves. Shubham Shah, co-founder of Assetnote and a respected security researcher, says organizations are now taking far longer to review legitimate reports and act on real flaws. That delay is killing the feedback loop that keeps top researchers engaged.

The researcher’s view

Shah noted that while bug bounty platforms are trying to fight the onslaught of AI-created spam with added controls, “the joy of reporting vulnerabilities to bug bounties is quickly dissipating.” He is not alone. Many experienced researchers are reconsidering their participation in public bug bounties. “Hopefully the platforms actually work this out, but until then, I can’t see myself continuing to report high quality original research to certain programs where I have meaningfully contributed for a decade when they fail to understand the difference between myself and a researcher that doesn’t have any credibility,” Shah added. In the near term, some experienced researchers may retreat to private vulnerability research and invite-only bounties, further isolating the public ecosystem from expert input.

The AI-powered “industrialization” of vulnerability discovery is currently a much bigger problem for open source projects than for large organizations like Microsoft or Google. These large companies have dedicated security teams and automated triage pipelines. Open source projects, on the other hand, rely on volunteer maintainers who are few in number and short on time. A single maintainer might handle dozens of reports per week, many of which are duplicates or false positives. The strain is leading to burnout and, in some cases, project abandonment.

For example, the cURL project, a widely used command-line tool for transferring data with URLs, faced its own crisis. Lead developer Daniel Stenberg became so overwhelmed by AI-generated reports that the project stopped accepting HackerOne submissions and eliminated monetary rewards for security reports. Stenberg hoped the latter decision would remove the incentive for submitting AI slop. In an April update, he noted that “the slop situation is not a problem anymore.” However, the situation evolved. The project had initially moved to accepting reports via GitHub or email, but that approach proved less effective. After a month, cURL returned to HackerOne, but kept the decision to eliminate bounties. The nature of submissions changed dramatically. Reports rose in volume, but their quality improved—even those compiled with AI assistance were more substantive. The rate of confirmed vulnerabilities surpassed the 2024 pre-AI level. But Stenberg warns that this new influx of “good” vulnerability reports presents its own challenge: “This avalanche is going to make maintainer overload even worse. Some projects will have a hard time handling this kind of backlog expansion without any added maintainers to help.”

Open source bears the brunt

The experience of cURL highlights a paradox: AI can surface real bugs, but it also generates noise that drowns out valuable findings. The balance is delicate. Stenberg’s decision to remove monetary incentives may have reduced spam, but it also risks discouraging ethical researchers who rely on bounties for income. The community is still searching for a sustainable model. HackerOne acknowledged the problem. Michiel Prins, Co-founder and Senior Director of Product Management at HackerOne, told the press that “as AI makes it easier to automate submissions, preserving signal quality becomes critical so open source maintainers can stay focused on fixing real issues.” He advised customers to refine scope and submission guidelines, use AI-assisted triage tools, and pair automation with human oversight. These measures can help, but they are not silver bullets. Smaller projects often lack the resources to implement sophisticated filtering.

The Open Source Security Foundation’s Vulnerability Disclosures Working Group is also seeking community feedback as it works to help open source maintainers tackle AI-generated junk reports. Its goals include compiling best practices, creating policy templates, and developing guidance to help maintainers spot and handle AI-assisted submissions. The working group is still in early stages, but its efforts are critical. As AI tools become more powerful and accessible, the volume of reports will only grow. The security community must adapt or face a breakdown of trust between researchers and maintainers.

In the broader picture, the problem is not unique to security. The same pattern of AI-generated noise is affecting customer support, content moderation, and academic peer review. But in security, the stakes are higher: a missed real vulnerability can lead to breaches, data loss, and reputational damage. Maintainers are stuck between a rock and a hard place. They cannot ignore reports entirely, but they cannot afford to spend hours on each one. The industry needs new standards. Some propose requiring that all AI-assisted reports include a human-verified proof of concept. Others advocate for reputation scoring that rewards researchers who consistently produce high-quality findings. Bug bounty platforms could implement stricter pre-submission validation, such as requiring submitters to answer targeted questions about the vulnerability before it is accepted. These steps would add friction but could dramatically reduce the noise.
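The intake checks described above (require a proof of concept, require the submitter to validate AI-assisted findings, close published-ineligible categories as Not Applicable, and catch the duplicates Torvalds complains about) can be sketched as a small triage gate. This is an added example written for this article, not code from GitHub, HackerOne, cURL or any other project named here; the `Report` fields, the ineligible-category list, the stopword list and the sample reports are all constructed for the demonstration, and the duplicate fingerprint is a coarse queueing heuristic that a human still has to confirm.

```python
"""Hypothetical intake gate for a vulnerability-report queue (constructed example)."""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed stand-in for a program's published "ineligible" list.
INELIGIBLE_CATEGORIES = {
    "missing security headers",
    "software version disclosure",
    "self-xss",
}

# Words too common to identify a finding; stripped before fingerprinting.
STOPWORDS = {"a", "an", "and", "the", "in", "on", "of", "to", "for",
             "via", "with", "when", "is", "are"}


@dataclass
class Report:
    title: str
    category: str            # submitter-chosen bug class, e.g. "heap overflow"
    component: str           # affected module, file or endpoint (placeholder paths below)
    poc_steps: list[str] = field(default_factory=list)
    ai_assisted: bool = False
    human_validated: bool = False


def fingerprint(report: Report) -> str:
    """Coarse duplicate key: same component, same bug class, same title words.

    Word order and casing are ignored so that two reports written by different
    people (or different tools) about the same finding tend to collide.
    """
    words = re.findall(r"[a-z0-9_]+", report.title.lower())
    key_words = sorted(w for w in set(words) if w not in STOPWORDS)
    material = "|".join([report.component.strip().lower(),
                         report.category.strip().lower(),
                         " ".join(key_words)])
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def triage(report: Report, seen: dict[str, str]) -> tuple[str, list[str]]:
    """Return (decision, reasons) for one report; accepted fingerprints go into `seen`.

    decision is one of "not_applicable", "needs_more_info", "duplicate", "accept".
    `seen` maps fingerprint -> title of the first accepted report with that key.
    """
    reasons: list[str] = []
    if report.category.strip().lower() in INELIGIBLE_CATEGORIES:
        return "not_applicable", ["category is on the published ineligible list"]
    if not report.poc_steps:
        reasons.append("no proof-of-concept steps supplied")
    if report.ai_assisted and not report.human_validated:
        reasons.append("AI-assisted finding has not been validated by the submitter")
    if reasons:
        return "needs_more_info", reasons
    fp = fingerprint(report)
    if fp in seen:
        return "duplicate", [f"matches earlier report: {seen[fp]!r}"]
    seen[fp] = report.title
    return "accept", []


def run_demo() -> list[str]:
    """Constructed sample queue; returns the decision for each report in order."""
    queue = [
        Report("Heap overflow in URL parser when host is empty", "heap overflow",
               "src/url_parser.c", poc_steps=["build with ASan; run regression input empty-host.txt"],
               ai_assisted=True, human_validated=True),
        # Same finding, different wording: should collide with the first report.
        Report("URL parser heap overflow with empty host", "heap overflow",
               "src/url_parser.c", poc_steps=["see attached ASan log"],
               ai_assisted=True, human_validated=True),
        Report("Docs site lacks security headers", "missing security headers",
               "docs site", poc_steps=["inspect response headers"]),
        # Unvalidated, PoC-less scanner output: bounced back to the submitter.
        Report("Possible integer overflow in cookie parser", "integer overflow",
               "src/cookie_jar.c", ai_assisted=True),
    ]
    seen: dict[str, str] = {}
    return [triage(r, seen)[0] for r in queue]


if __name__ == "__main__":
    print(run_demo())  # ['accept', 'duplicate', 'not_applicable', 'needs_more_info']
```

The gate does the cheap, deterministic part of triage so that human attention goes to reports that survive it; the fingerprint deliberately errs toward flagging as duplicate, and anything it flags should be reviewed side by side rather than closed automatically.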

The rise of AI in vulnerability discovery is inevitable. The challenge is to harness its potential without destroying the volunteer-driven open source ecosystem. Linus Torvalds’ plea is simple: add value, don’t just generate reports. Until the community figures out how to filter the noise, maintainers will continue to drown. The clock is ticking. Every hour spent triaging a junk report is an hour not spent fixing a real bug. The cost of inaction is measured not only in wasted time but in the security of every system that relies on open source software—which is to say, nearly every system on the internet.

The story of cURL’s return to HackerOne after a brief experiment with GitHub and email submissions illustrates the complexity. The project originally moved away from HackerOne in late 2025, hoping to reduce the spam. But the alternative channels did not work well for receiving legitimate vulnerability reports. After a month, Stenberg reversed course. He noted that the new system, combined with the elimination of bounties, actually improved the quality of submissions. The number of reports went up, but the rate of confirmed vulnerabilities also increased. This suggests that AI, when used responsibly by researchers who understand the code, can be a net positive. The problem is the lazy, automated copy-paste behavior. Stenberg’s solution—removing the financial incentive—may be a model for other open source projects that cannot afford to pay bounties. However, it may not work for all projects, especially those that rely on bounties to attract top talent.

The long-term solution likely involves a combination of technical, social, and economic measures. On the technical side, AI tools themselves can be trained to recognize and filter low-quality reports. But that requires high-quality training data and constant updates. Socially, the community must establish norms for responsible AI-assisted reporting. The Open Source Security Foundation’s working group is a step in that direction. Economically, projects may need to find alternative ways to compensate maintainers for triage time, perhaps through grants or industry sponsorships. The problem is systemic. No single fix will solve it. Meanwhile, the flood continues. Researchers like Shubham Shah are voting with their feet, retreating to private channels. That is a loss for the public security ecosystem. The platforms and projects that fail to adapt may find themselves isolated from the best talent. The crisis of AI-generated junk reports is not just a nuisance; it is a threat to the health of open source security. The next few years will determine whether the community can turn the tide or whether the noise will drown out the signal for good.


Source: Help Net Security News

