Cybersecurity

10004 readers

261 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

116

Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ (www.theregister.com)

submitted 3 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

12 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] artwork@lemmy.world 30 points 3 days ago* (last edited 3 days ago) (3 children)

We now ban every reporter Instantly who submits reports we deem AI slop. A threshold has been reached. We are effectively being DDoSed. If we could, we would charge them for this waste of our time.

We still have not seen a single valid security report done with AI help.

~ Daniel Stenberg
Source [2025]

---

For those of you who don't want to click into linked in, https://hackerone.com/reports/3125832 is the latest example of a invalid curl report

Source: https://news.ycombinator.com/item?id=43907751 [2025-05-06]

[–] s38b35M5@lemmy.world 2 points 21 hours ago

bagder disclosed this report.

May 4, 2025, 3:52pm UTC

Let's show off how these "reporters" work

Love it

[–] exu@feditown.com 15 points 3 days ago

It's worth noting that curl has since seen at least one good AI-assisted report, but in that case the submitter had already done the work of sorting the output and only passing valid issues along.

[–] bluGill@fedia.io 6 points 2 days ago (1 children)

That was 2025. This year he has stated that there get many AI reports per day and nearly all are real issues. Things have changed a lot in the past few months.

Though CURL didn't restart their bug bounty program so there is no inventive to submit slop anymore.

[–] greenskye@lemmy.zip 5 points 2 days ago* (last edited 2 days ago) (1 children)

That was 2025.

Man I'm really starting to empathize with my grandparents and struggling to keep up with tech. I used to think it was silly that they said stuff moved too fast when it had been 5 years. Now apparently your opinion on AI is only good for less than 12 months (probably less)

[–] bluGill@fedia.io 2 points 2 days ago (1 children)

When things are new it is often quick for a bit. Then it slows down. My prediction (which has been wrong before!) is that AI has reached the peak of the change.

However you should ALWAYS be ready and willing to change your opinion on anything when new evidence comes in.

[–] greenskye@lemmy.zip 4 points 2 days ago

I'm open to new info, but so much of the AI push has mimicked the crypto and NFT hype that it's been really hard to distinguish between reality and grift.

I tried to do my due diligence on research, but apparently doing so a ~ 13 months ago is already out of date. I'm honestly not interested or motivated enough to re-evaluate the state of AI every 6 months.

My current takeaway is that this is like the cloud computing hype. In that it's got a real, valid use case, but that's being overshadowed by it being shoe horned into literally everything and dumb sales people claiming it will do things that it will in fact never actually do.

What it can actually do won't be able to be determined by most of us until after the dumb hype wave dies down and the valid business cases become boring everyday tasks and everyone forgets that at one point CEOs were literally believing that they'd have a movie level general AI assistant like Cortana.