Hackaday
@hackaday.com@web.brid.gy · 2 days ago

A Live ISO For Those Vibe Coding Experiments

Vibe coding is all the rage at the moment if you follow certain parts of the Internet. It’s very easy to dunk upon it, whether it’s to mock the sea of people who’ve drunk the Kool…

Over the past years, the author of the cURL project, [Daniel Stenberg], has repeatedly complained about the increasingly poor quality of bug reports filed due to LLM chatbot-induced confabulations, also known as ‘AI slop’. This has now led the project to suspend its bug bounty program (https://github.com/curl/curl/pull/20312) starting February 1, 2026.

Examples of such slop are provided by [Daniel] in a GitHub gist (https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d1cd), which covers a wide range of very intimidating-looking vulnerabilities and seemingly clear exploits. Except that none of them are vulnerabilities when actually examined by a knowledgeable developer. Each is a lengthy word salad that an LLM churned out in seconds, yet which takes a human significantly longer to parse before dealing with the typical diatribe from the submitter.

Although there are undoubtedly still valid reports coming in, the truth of the matter is that the ease with which bogus reports can be generated by anyone who has access to an LLM chatbot and some spare time has completely flooded the bug bounty system and is overwhelming the very human developers who have to dig through the proverbial midden to find that one diamond ring.

We have mentioned before how troubled bounty programs (https://hackaday.com/2023/09/27/do-bounties-hurt-foss/) are for open source, and how projects like Mesa have already had to fight off AI slop incidents (https://hackaday.com/2025/10/01/mesa-project-adds-code-comprehension-requirement-after-ai-slop-incident/) from people with zero understanding of software development.