
AI is drowning software maintainers in junk security reports

May 24, 2026  Twila Rosenbaum

The rapid proliferation of AI-assisted vulnerability research tools has unleashed a torrent of low-quality security reports on software maintainers, who now find themselves drowning in noise instead of focusing on fixing critical flaws. This deluge, often referred to as "AI slop," is generating massive duplication, wasting hours of volunteer time, and threatening the very fabric of open source security practices.

Linus Torvalds, the creator and principal maintainer of the Linux kernel, recently expressed his frustration in a note accompanying the latest kernel release candidate. He stated that the flood of AI-generated reports has made the project's security mailing list "almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools." His blunt message to researchers: "If you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on top of what the AI did. Don't be the drive-by 'send a random report with no real understanding' kind of person."

Torvalds' comments echo a broader industry concern. Jarom Brown, Senior Product Security Engineer at GitHub, acknowledged last week that while the lowering of barriers to entry for security research is welcome, his team is being inundated with submissions that fail to demonstrate any real security impact. These include reports without proof of concept, theoretical attack scenarios that collapse under scrutiny, and findings already covered by GitHub's published ineligible list. GitHub has responded by requiring submitters to validate AI-assisted findings before submission, mandating a working proof of concept that demonstrates exploitation potential and concrete security impact. Reports covering ineligible categories will be closed as "Not Applicable," potentially affecting the submitter's HackerOne Signal and reputation. Brown also urged researchers to be concise, noting that bloated, AI-padded reports slow down triage and waste everyone's time.

GitHub is not alone. Numerous bug bounty programs across the industry are grappling with the same challenge. Some have shut down entirely, overwhelmed by the volume of low-quality submissions. Shubham Shah, co-founder of Assetnote and a respected security researcher, warns that organizations are now taking far longer to review legitimate reports and act on real flaws. This delay is killing the feedback loop that keeps top researchers engaged. While platforms like HackerOne and Bugcrowd are trying to combat AI-generated spam with their own AI filtering and added controls, Shah laments that "the joy of reporting vulnerabilities to bug bounties is quickly dissipating." He added, "Hopefully the platforms actually work this out, but until then, I can't see myself continuing to report high quality original research to certain programs where I have meaningfully contributed for a decade when they fail to understand the difference between myself and a researcher that doesn't have any credibility." In the near term, some experienced researchers may retreat to private vulnerability research and invite-only bounties, further fragmenting the security community.

Open source projects bear the brunt of this industrialization of vulnerability discovery. Unlike large organizations such as Microsoft or Google, which have dedicated security teams, open source projects rely on volunteer maintainers whose time and energy are severely limited. The cURL project, a widely used command-line tool for transferring data with URLs, experienced this firsthand. Its lead developer, Daniel Stenberg, initially decided to stop accepting HackerOne submissions and eliminate monetary rewards for security reports, hoping to remove the incentive for submitting AI slop. He stated his belief that "the best and our most valued security reporters still will tell us when they find security vulnerabilities." The project switched to welcoming reports via GitHub or email, but within a month reverted to using HackerOne because those two avenues proved less effective for reporting vulnerabilities. However, the project stuck with its decision not to offer bounties for bug reports. Stenberg noted in April 2026 that since removing bounties, "the nature of the security report submissions have changed. The slop situation is not a problem anymore." The number of reports rose, their quality improved (even if AI-assisted), and the rate of confirmed vulnerabilities surpassed the 2024 pre-AI level. Yet Stenberg also sounded a warning: this raised influx of "good" vulnerability reports presents a different problem. "This avalanche is going to make maintainer overload even worse. Some projects will have a hard time to handle this kind of backlog expansion without any added maintainers to help," he pointed out.

HackerOne acknowledged the problem AI slop poses for under-resourced organizations. Michiel Prins, Co-founder & Senior Director of Product Management at HackerOne, told Help Net Security: "As AI makes it easier to automate submissions, preserving signal quality becomes critical so open source maintainers can stay focused on fixing real issues. Our focus is helping programs manage that shift with workflows that filter noise early, surface credible reports, and keep vulnerability management sustainable, so open source communities can maintain the transparency and resilience they're known for." HackerOne advises customers to refine scope and submission guidelines, use AI-assisted triage tools, and pair automation with human oversight.

The Open Source Security Foundation's Vulnerability Disclosures Working Group is also seeking community feedback as it works to help open source maintainers tackle AI-generated junk reports. Its goals include compiling best practices, creating policy templates, and developing guidance to help maintainers spot and handle AI-assisted submissions. The working group aims to provide actionable resources that projects of all sizes can adopt to filter out noise and prioritize genuine vulnerabilities.

The underlying issue is the democratization of vulnerability research through AI. Tools that can automatically analyze codebases, generate potential exploit scenarios, and produce reports are now widely available. While this has the potential to uncover more bugs, it also lowers the barrier for spamming maintainers with low-effort submissions. Researchers who use AI to generate hundreds of reports without understanding the code or the context are wasting precious maintainer time. The situation is reminiscent of the early days of automated fuzzing, when tools produced massive logs of potential crashes, many of which turned out to be duplicates or non-exploitable. But today's AI tools go further, generating natural-language descriptions and fabricated proofs of concept that require human expertise to debunk.

The impact on bug bounty programs is severe. Top researchers, who once eagerly submitted high-quality findings for bounties and recognition, are now disillusioned. They see their reports queued behind hundreds of low-quality ones, and they wait weeks or months for a response. Some have stopped participating altogether. This exodus reduces the overall quality of submissions and weakens the ecosystem. Platforms like HackerOne and Bugcrowd are investing in machine learning classifiers to distinguish between genuine findings and AI-generated noise, but the arms race continues as AI tools evolve to produce more convincing reports.

For maintainers, the situation is exhausting. A typical open source project may have one or two people handling security reports. When those reports are filled with false positives, duplicates, and AI-generated fluff, the maintainers either ignore the channel or burn out trying to process everything. The result is that real vulnerabilities go unnoticed or unpatched. The Linux kernel, with its vast codebase and thousands of contributors, is a special case, but the principle applies to all projects. Torvalds' message is clear: if you use AI tools, go the extra mile to add value, or stay quiet.

The response from the community has been mixed. Some researchers argue that AI-assisted discovery is legitimate and can surface real issues that manual review might miss. They point out that the problem is not AI itself but the behavior of researchers who submit raw, unvalidated output. Others maintain that the current tools are too imprecise and that the burden of proof should fall on the submitter. The cURL project's experience suggests that removing bounties can effectively filter out opportunists, but that also eliminates motivation for high-quality reports. Stenberg found that the switch improved the signal-to-noise ratio, but also increased the volume of good reports that still need to be processed.

Long-term solutions may include better education for security researchers, stricter submission guidelines from platforms, and automated triage systems that can quickly validate reports. Some projects are experimenting with requiring a working proof of concept before accepting a report. Others are using reputation systems to weight submissions from known, trusted researchers more heavily. The OpenSSF working group will likely advocate for standardized policies that projects can adopt, along with tooling to detect AI-generated content.
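To make the intake controls discussed above concrete, here is an added example of a minimal triage pass over incoming reports. It is illustrative code written for this article, not code from GitHub, HackerOne, cURL or the OpenSSF working group. It models three of the measures mentioned: closing reports in ineligible categories as "Not Applicable", holding reports that lack a working proof of concept, and collapsing near-identical submissions before weighting the remaining queue by reporter reputation. Every report, category name, reputation score and field name below is constructed for the example and is an assumption, not any platform's real schema.

```python
"""Added example: a minimal security-report intake triage pass.

Not part of the article or of any project it names. All data, category
names, reputation scores and field names are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional
import hashlib
import re

# Constructed list of categories a program has published as out of scope.
INELIGIBLE = {"missing-security-headers", "version-disclosure", "self-xss"}

# Filler words dropped before fingerprinting so that reworded submissions
# about the same finding collapse to one key.
STOPWORDS = {"a", "an", "the", "in", "of", "to", "via", "and",
             "possible", "potential", "theoretical"}


@dataclass
class Report:
    id: str
    reporter: str
    title: str
    category: str
    component: str
    has_poc: bool
    body: str


@dataclass
class Decision:
    report_id: str
    status: str  # "not_applicable", "needs_more_info", "duplicate", "triage"
    duplicate_of: Optional[str] = None
    priority: float = 0.0


def fingerprint(report: Report) -> str:
    """Hash of the normalised component + title token set (word order and
    filler words ignored). This is a deliberately simple near-duplicate key."""
    text = f"{report.component} {report.title}".lower()
    text = re.sub(r"[^a-z0-9 ]", " ", text)
    tokens = sorted(set(text.split()) - STOPWORDS)
    return hashlib.sha256(" ".join(tokens).encode()).hexdigest()[:16]


def triage(reports, reputation):
    """Apply the intake policy in order: scope, proof of concept, dedup, weight."""
    seen = {}
    decisions = []
    for r in reports:
        if r.category in INELIGIBLE:
            decisions.append(Decision(r.id, "not_applicable"))
            continue
        if not r.has_poc:
            # Held, not rejected: the submitter may still supply a working PoC.
            decisions.append(Decision(r.id, "needs_more_info"))
            continue
        fp = fingerprint(r)
        if fp in seen:
            decisions.append(Decision(r.id, "duplicate", duplicate_of=seen[fp]))
            continue
        seen[fp] = r.id
        # Unknown reporters default to weight 1.0 rather than being excluded,
        # so new researchers are still reviewed, just behind trusted ones.
        rep = reputation.get(r.reporter, 1.0)
        # Very long bodies are down-weighted: padded reports slow triage.
        length_penalty = 0.5 if len(r.body) > 4000 else 1.0
        decisions.append(Decision(r.id, "triage", priority=rep * length_penalty))
    return decisions


def queue_order(decisions):
    """Report ids that reached human triage, highest priority first."""
    live = [d for d in decisions if d.status == "triage"]
    return [d.report_id for d in sorted(live, key=lambda d: -d.priority)]


# Constructed sample submissions (not real reports or real bugs).
SAMPLE_REPORTS = [
    Report("R1", "alice", "Heap overflow in URL parser when host exceeds 255 bytes",
           "memory-corruption", "url-parser", True, "Crash log and PoC input attached."),
    Report("R2", "bob", "Potential heap overflow in the url-parser when host exceeds 255 bytes",
           "memory-corruption", "url-parser", True, "Found with an automated tool."),
    Report("R3", "erin", "Theoretical SSRF in URL handling",
           "ssrf", "url-parser", False, "An attacker might be able to..."),
    Report("R4", "frank", "Missing X-Frame-Options header",
           "missing-security-headers", "web", True, "curl -I shows no header."),
    Report("R5", "carol", "Use-after-free in cookie jar on redirect",
           "memory-corruption", "cookie-jar", True, "Minimal reproducer attached."),
    Report("R6", "dave", "Integer overflow in chunked decoder",
           "memory-corruption", "http-chunked", True, "x" * 5000),
]

# Constructed reputation scores; anyone not listed gets 1.0.
SAMPLE_REPUTATION = {"alice": 3.0, "carol": 8.0}

if __name__ == "__main__":
    for d in triage(SAMPLE_REPORTS, SAMPLE_REPUTATION):
        print(d)
    print("queue:", queue_order(triage(SAMPLE_REPORTS, SAMPLE_REPUTATION)))
```

The order of the checks matters: scope and proof-of-concept gates run before deduplication so that a flood of out-of-scope or unsubstantiated submissions never reaches the fingerprint table, and reputation only reorders the queue rather than excluding anyone, which keeps the path open for new researchers that the article's critics worry about losing.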

As AI continues to advance, the challenge will only grow. The same technology that enables faster vulnerability discovery also enables faster spam generation. The security community must adapt by developing robust filtering mechanisms and fostering a culture of responsible reporting. Maintainers cannot afford to waste time on noise, and the best researchers deserve a system that recognizes and rewards their efforts. Without intervention, the feedback loop that has made bug bounties successful may collapse, leaving critical software vulnerable to exploitation.


Source: Help Net Security News

