this post was submitted on 18 May 2026
116 points (97.5% liked)

[–] artwork@lemmy.world 30 points 2 days ago* (last edited 2 days ago) (3 children)

We now ban every reporter instantly who submits reports we deem AI slop. A threshold has been reached. We are effectively being DDoSed. If we could, we would charge them for this waste of our time.

We still have not seen a single valid security report done with AI help.

~ Daniel Stenberg
Source [2025]

---

For those of you who don't want to click into LinkedIn, https://hackerone.com/reports/3125832 is the latest example of an invalid curl report

Source: https://news.ycombinator.com/item?id=43907751 [2025-05-06]

[–] s38b35M5@lemmy.world 2 points 8 hours ago

bagder disclosed this report. 

May 4, 2025, 3:52pm UTC

Let's show off how these "reporters" work

Love it

[–] exu@feditown.com 14 points 2 days ago

It's worth noting that curl has since seen at least one good AI-assisted report, but in that case the submitter had already done the work of sorting the output and only passing valid issues along.

[–] bluGill@fedia.io 6 points 2 days ago (1 children)

That was 2025. This year he has stated that they get many AI reports per day and nearly all are real issues. Things have changed a lot in the past few months.

Though CURL didn't restart their bug bounty program so there is no incentive to submit slop anymore.

[–] greenskye@lemmy.zip 5 points 2 days ago* (last edited 2 days ago) (1 children)

That was 2025.

Man I'm really starting to empathize with my grandparents and struggling to keep up with tech. I used to think it was silly that they said stuff moved too fast when it had been 5 years. Now apparently your opinion on AI is only good for less than 12 months (probably less)

[–] bluGill@fedia.io 2 points 2 days ago (1 children)

When things are new it is often quick for a bit. Then it slows down. My prediction (which has been wrong before!) is that AI has reached the peak of the change.

However you should ALWAYS be ready and willing to change your opinion on anything when new evidence comes in.

[–] greenskye@lemmy.zip 4 points 1 day ago

I'm open to new info, but so much of the AI push has mimicked the crypto and NFT hype that it's been really hard to distinguish between reality and grift.

I tried to do my due diligence on research, but apparently doing so ~13 months ago is already out of date. I'm honestly not interested or motivated enough to re-evaluate the state of AI every 6 months.

My current takeaway is that this is like the cloud computing hype. In that it's got a real, valid use case, but that's being overshadowed by it being shoehorned into literally everything and dumb salespeople claiming it will do things that it will in fact never actually do.

What it can actually do won't be able to be determined by most of us until after the dumb hype wave dies down and the valid business cases become boring everyday tasks and everyone forgets that at one point CEOs were literally believing that they'd have a movie level general AI assistant like Cortana.

[–] waigl@lemmy.world 23 points 2 days ago (1 children)

AI might be useful to find some bugs that might otherwise have been missed, but you still need to do the manual work to make sure it's actually valid and produce a proof of concept.

[–] CameronDev@programming.dev 20 points 2 days ago

Unfortunately, most of these sloppers don't have the skills to validate their work.

[–] MoonMelon@lemmy.ml 13 points 2 days ago (1 children)

You know those bug reports where the user somehow didn't see the huge bug report right on the front page with 100 comments, pinned to the top of the issues page, and they duplicated it? Where they didn't provide a log or a stack trace, or even their system specs? The kind of report which caused the developers to implement a massive issue template that the user just ignored?

We automated that 😎

That template? — Filled with garbage.

That stack trace? — Contains methods that don't actually exist.

It's not debugging, it's deblowmyfuckingbrainsout.

[–] Serinus@lemmy.world 2 points 2 days ago (1 children)

Hey, someone with experience.

[–] crandlecan@lemmy.zip 1 points 2 days ago

What gave it away?