{"id":47660,"date":"2025-05-08T14:35:54","date_gmt":"2025-05-08T18:35:54","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=47660"},"modified":"2025-05-08T14:35:54","modified_gmt":"2025-05-08T18:35:54","slug":"curl-takes-action-against-ai-bug-reports","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2025\/05\/08\/curl-takes-action-against-ai-bug-reports\/","title":{"rendered":"curl Takes Action Against AI Bug Reports"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2025\/05\/07\/curl_ai_bug_reports\/\">Connor Jones<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.theregister.com\/2025\/05\/07\/curl_ai_bug_reports\/\"><p>Stenberg said the amount of time it takes project maintainers to triage each AI-assisted vulnerability report made via HackerOne, only for them to be deemed invalid, is tantamount to a DDoS attack on the project.<\/p><p>Citing a specific recent report that &ldquo;pushed [him] over the limit,&rdquo; Stenberg <a href=\"https:\/\/www.linkedin.com\/posts\/danielstenberg_hackerone-curl-activity-7324820893862363136-glb1\/?utm_source=share&amp;utm_medium=member_desktop&amp;rcm=ACoAABvgIC0Bx1xUu-E97QUzl6wtDuTtUHlFX7g\">said<\/a> via LinkedIn: &ldquo;That&rsquo;s it. I&rsquo;ve had it. I&rsquo;m putting my foot down on this craziness.&rdquo;<\/p><p>From now on, every HackerOne report claiming to have found a bug in curl, a command-line tool and library for transferring data with URLs, must disclose whether AI was used to generate the submission.<\/p><p>If selected, the bug reporter can expect a barrage of follow-up questions demanding a stream of proof that the bug is genuine before the curl team spends time on verifying it.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/www.linkedin.com\/posts\/danielstenberg_hackerone-curl-activity-7324820893862363136-glb1\/\">Daniel Stenberg<\/a> (<a href=\"https:\/\/news.ycombinator.com\/item?id=43907376\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/www.linkedin.com\/posts\/danielstenberg_hackerone-curl-activity-7324820893862363136-glb1\/\">\n<p>We still have not seen a single valid security report done with AI help.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Connor Jones: Stenberg said the amount of time it takes project maintainers to triage each AI-assisted vulnerability report made via HackerOne, only for them to be deemed invalid, is tantamount to a DDoS attack on the project.Citing a specific recent report that &ldquo;pushed [him] over the limit,&rdquo; Stenberg said via LinkedIn: &ldquo;That&rsquo;s it. I&rsquo;ve had [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2025-05-08T18:35:58Z","apple_news_api_id":"1a00b383-398d-4622-955a-defb861f2c41","apple_news_api_modified_at":"2025-05-08T18:35:58Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AGgCzgzmNRiKVWt77hh8sQQ","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[1351,131,1506,991,71],"class_list":["post-47660","post","type-post","status-publish","format-standard","hentry","category-technology","tag-artificial-intelligence","tag-bug","tag-curl","tag-open-source-software","tag-programming"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/47660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=47660"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/47660\/revisions"}],"predecessor-version":[{"id":47661,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/47660\/revisions\/47661"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=47660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=47660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=47660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}