this post was submitted on 24 Apr 2026
276 points (97.9% liked)

Technology

84322 readers
3541 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
276
Nextcloud stops bug bounty program due to increase of low-effort AI-generated reports (discuss.privacyguides.net)
submitted 1 week ago by mesamunefire@piefed.social to c/technology@lemmy.world
26 comments fedilink hide all child comments
 

Nextcloud has joined a growing list of projects, including Curl, that have ended their bug‑bounty partnerships with HackerOne due to an unmanageable surge of low‑effort, AI‑generated security reports. I received the fol…

you are viewing a single comment's thread
view the rest of the comments
[–] timbuck2themoon@sh.itjust.works 25 points 1 week ago (4 children)

What I don't get is- these people are disingenuous or actually think theyre helping.

Helping how? The owner of the repo can submit code to your bullshit machine the exact same way. What value are you producing?

[–] SaharaMaleikuhm@feddit.org 11 points 1 week ago (1 children)

The people doing this feel like it was their doing because they control the machine basically. This craving to produce something is strong in the ones who have no skills of their own. That's why these PRs only ever come from absolutely incompetent buffoons.

[–] bcgm3@lemmy.world 2 points 1 week ago* (last edited 1 week ago)

Same for text gen "writers" and image gen "artists" and audio gen "musicians."

It's a shortcut to creating a product that, in their uninitiated mind, is viable.

[–] darklamer@feddit.org 8 points 1 week ago (1 children)

This remains a great mystery to me. As far as I can see, all they achieve is to waste time and resources for everyone involved, including themselves, without creating anything of value to anyone. It's truly baffling.

[–] SaharaMaleikuhm@feddit.org 6 points 1 week ago

It makes them feel good. Like they done something positive. It's utterly pathetic and I despise these people with no skills, no ability to create anything of their own.

[–] alyth@lemmy.world 3 points 1 week ago

Maybe to pad their resume

[–] AeonFelis@lemmy.world 3 points 1 week ago

Anecdote: there is this annual event called Hacktoberfest for promoting OSS contribution. It offers various merchandise as reward for PRs that get merged as part of the event. A few years back, someone posted a YouTube video trying to promote the event, and demonstrated how to to create a PR by going to some repository and adding some arbitrary text to the README.

What he wanted to convey: "this is the procedure for sending contributions"

What people understood: "you can win a free t-shirt by making small changes to non-code text"

The result: https://joel.net/how-one-guy-ruined-hacktoberfest2020-drama

LLMs did not create this problem. The desire to make bullshit contributions in order to be seen as contributing seems to a basic human need. At least - for some humans. Generative AI did make it so much worse, though, because it's so good at bullshitting that you have to waste time and spend mental resources in order to recognize the bullshit.