Open source project curl is sick of users submitting “AI slop” vulnerabilities
Open source project curl is sick of users submitting “AI slop” vulnerabilities
arstechnica.com
Open source project curl is sick of users submitting “AI slop” vulnerabilities
IMO repo owners should remove the ownership of all contributions from a contributor if they have been found abusing the project with AI.
TBH I'll probably be slapping a few warnings on my own projects along those lines.
In this case, it's about vulnerability reports, not about vulnerable code being contributed. There's a bounty for any found vulberability in Curl, and then because telling an AI to try to find a vulnerability is essentially free, you'll have lots of people looking to make a quick buck by just reporting whatever the AI spat out, no matter how nonsensical it is.