Curl project founder snaps over deluge of time-sucking AI slop bug reports Curl project founder Daniel Stenberg is fed up with of the deluge of AI-generated "slop" bug reports and recently introduced a checkbox to screen low-effort submissions that are draining maintainers' time. Stenberg said the amount of time it takes project maintainers to triage each AI-assisted vulnerability report made via …
"Curl offers bounty rewards of up to $9,200 for the discovery and report of a critical vulnerability in the project, and has paid $16,300 in rewards since 2019."
I think these "bug reports" aresern as free lottery tickets for the bug bounty.
You have an LLM running on you hardware or some free subscription to an AI. What is easier than to deluge every bug bounty project with bug reports.
It is like Spam, if one in a million pays out, you send two million. The costs are lower than the expected payouts.
That is, assuming they are actually able to do that math. Or they can get others to pay for bandwidth, electricity, and subscriptions.
I'm starting to understand why MS demand videos now (and we all complained).
If you "deepfake" the video, MS can get a team of relatively low skill security people or potentially even AI, to review your submission and if the steps provided do not match your results downgrade or reject the submission.
Potentially they could even create a submission "cost" that involves no cost for actual submissions but could be offset against any bounties you do legitimately claim in the future.
The irony there, of course, is that it is the actions of MS (and Google etc) in creating the tools to generate this mess are to blame
A bit similar to making an OS with Swiss-cheese security and then selling anti-virus applications to keep it upright. Rather than fixing the actual OS
God, I hate MS
Other's have (below) suggested possible mechanisms. But that's entirely beside the point. Offering reward for doing good ought to be balanced by some kind of penalty for taking the piss. Call it "moral hazard", if you like.
Let's be creative.
When you submit a report you make a punt on how real and/or severe it is by laying a stake. Instead of a flat bounty, they pay out some multiple of your stake. If it turns out to be a waste of time then you lose your stake.
I'm sure you could come up with something better.
-A.
This post has been deleted by its author
Not necessarily with every report. Just a deposit on joining HackerOne, refunded after a genuine report. If, subsequently, slop reports are sent a new, double deposit will be required to be refunded after 2 genuine reports, otherwise the submitter is banned. Double up again as necessary.
Now you have to deal with all of the claims of "genuine report". For example, Microsoft said that creating a folder was a viable security patch. How many lawsuits will they get for declining to refund the fee?
Regardless, if the fee is paid by credit card, the payer can contest the charge (for at least six months) and get the card co. to refund it, at considerable additional cost to the depositor.
Damned if you do, damned if you don't, damnit this country needs serious reform.
Maybe they should stop the bug bounty?
It’s why people (in most places) are not paid to donate blood. There is no incentive for someone to give blood even if they know they have some horrible disease (which they may otherwise be tempted to - yea, I know!)
Removing the bounty shouldn’t stop genuinely concerned people from submitting reports. But it would remove the incentive to submit crap
One or more excluded blood donor groups demanded to give blood as by right, even without being paid AFAIK. Said it was discrimination. Would it be better to say excused not excluded?
I suppose that a scenario is if your workplace encourages giving blood, you are in an excluded group but you fear being discriminated against if the employer knows.
People are not paid for blood because then it will attract drug cartels to start trafficking blood or even worse.
This is a false equivalence. The effort required to find bugs can be significant (can take thousands of hours). Donating blood is just an hour spent at the clinic.
It's much, MUCH harder to get people to donate blood in countries where paying them is illegal. As long as screening for disease is effective, the social downsides to paying for blood donations are minimal.
Contrast to bogus bug reports - they're dirt-cheap to create at massive scale, relatively expensive to refute, and one report resulting in a bounty pays for the creation of a massive number of false reports.
Maybe a $100 penalty for each false report submitted, used against any future bounty?
In addition to the points others have raised, there are two theories for why paying works better than just having an unpaid reporting mechanism, one of which I believe and the other I don't.
The good reason: it convinces people to look for security problems. There are people who will work actively to try to find a problem if they can get paid, whereas if they're working for free, you may only get reports they stumble on by accident. It can be quite cheap, because if they don't find anything, you don't have to pay them. I have not tested this, but I certainly have seen more reports sent when payment was offered, even if many of them were crap.
The less convincing reason: fears that the bad guys will pay for a vulnerability, so profit-oriented people will sell it to them unless they can make money by reporting it. I don't buy this. All of the parts of that are true, but I don't think bug bounty programs make a difference to any one of them. A criminal group will spend more for a good vulnerability than any bug bounty program will pay out. Most people who find one would be unwilling to sell to criminals because they don't like criminals. Most who would be willing don't know how to find them. Those who are willing and able have other reasons to choose not to, such as not having a reliable way of trading their vulnerability for cash when, if they send the details up front, the criminals don't have to pay because they have the vuln now, and if they don't send enough details, the criminals don't pay because they're not sure the thing is real. Someone who can get through all of those hoops will probably not bother trying to see if the company will outbid here.
When it costs nothing to send an email offering a low price on a counterfeit drug, people will send lots of emails.
When it costs nothing to send a bug report in hopes of getting a bounty, people will send bug reports. Another commenter got it right "free lottery tickets".
I suggest Hacker One and other bug-bounty clearing houses revisit their business models. Charge money for the lottery tickets. Refundable after triage, or something like that.
The current system isn't resilient. And defect detection schemes need to be resilient.
No, your downvotes are because nothing related to this has anything to do with advertising. The article and most comments are talking about spam security reports. Those are not adverts. The comment you replied to got closer to adverts, since it was talking about spam email. Yes, those are adverts, but banning all advertising wouldn't do a thing about it because the spam is already not allowed and the spammers are doing it anyway. Thus, whatever we may think about advertising, it isn't relevant.
Also, you have followed your typical pattern and gone too extreme on the negativity. I don't like advertising either, hence why I have a multilayer blocker in place to filter out as much as I can. There's a difference between that and justifying making it illegal, let alone making it illegal and actually enforcing that law to block it. It's much harder to justify that, but I'm not going to bother arguing on either side since you've not tried to do so either. You just called for it without providing reasoning.
doublelayer: No, your downvotes are because nothing related to this has anything to do with advertising. The article and most comments are talking about spam security reports. Those are not adverts.
cow: Spam exists because of the money that can be made. No spam, then most of this spam security reports thing fades away.
Cause and effect.
Not claiming its a perfect solution, please grow up nothing is ever that simple, just saying you are feeding many monsters that do nasty things because they can make money from advertising.
Try again and tell me how banning advertising doesnt help reduce this problem.
Fight the AI with AI!
In the given example, the report referenced function that didn't even exist within the curl source. If you trained an AI on your source, run all bug reports through that AI and if it is obviously bogus, throw it out with a warning that any future bogus reports would result in a ban. It's not fool proof but it could filter out a lot. Yes, it would require an investment.
"He went on to say that the project has never received a single valid bug report that was generated using AI"
If a report points to a real bug how do you know it wasn't an AI all along? Isn't this confirmation bias? It's like people who say "I can always spot a liar" when they have no way of knowing when they've been lied to.
AI filters for AI text have been tried for a long time and the answer is usually no. You can make a model that takes a guess, and in many cases, that guess will be reliable, but that's all it will ever be. If people realize you're doing it, they can easily make the guess less correct. For example, comparing real bug reports to AI-generated ones, there's often a significant stylistic difference between the two* so I can assume which are which, but if I am a spammer after a bounty, I can customize my prompt to make the AI write its text less professionally and more laconically, and then it will look more like the human-written ones.
* People write bounties in a lot of forms, but they are often writing more informally, meaning more acronyms, a little less jargon, and slightly worse grammar, than the ones LLMs often produce. They are also written more formally, including the reverse of all three of those differences, than human-written ones that turn out to be crap. I can often guess based on the style how likely one is to be useful, but I have to read and test it anyway because the well-written one could be from someone who just likes to speak formally when they're sending a message to someone they don't know and the one with worse grammar might be someone who isn't a proficient speaker of the language they're writing the report in. All you could do with an AI is try to sort them so the useful ones are higher in the stack.
If you actually get to talk to the reporter, it's pretty easy to figure out whether it's an "AI" submission or not; because if it is, they will be unable to credibly answer questions about the process by which they came to their conclusion, or the technical details that led them there.
Anyone who has worked with 'developers' who let an LLM write their code for them, will probably recognize this phenomenon, and the "I don't know, that's what the AI said" answers that accompany it.
When will the nonsense stop?
Hard to say.
I am distrustful of AI but have been keeping an eye on Google's AI Overviews as I encounter them and was slowly being suckered into thinking it's not as bad as I had believed. Until it claimed, with it's usual confident certainty, that something I knew was absolutely wrong was a fact.
Maybe that's what it takes; experiencing its bullshit, lies, fake facts and hallucinations first hand?
I am distrustful of AI but have been keeping an eye on Google's AI Overviews as I encounter them and was slowly being suckered into thinking it's not as bad as I had believed
I occasionally ask Physics questions, and I recently asked one about the meaning of a failure in a specific theorem (Bell's inequality). It gave a plausible summary, and then produced exactly the wrong conclusion. I think it got confused about the meaning of what was basically a double negative : a failure of an inequality. It had a choice of two answers, and picked the wrong one.
OTOH, I'm constantly typing in simple questions about software packages ("how do I generate an email invoice in Stripe" yesterday, and similar), and Google always chimes in with its own answer. And, most, of the time, they're so accurate that it makes my head spin. That particular one wasn't quite right because the software has changed since the AI learnt the answer, but it was a good start. You still have to read the proper hits, but I'm coming to the conclusion that the AI is actually very good with this sort of simple question, and undoubtedly better than most of the slop you find on the net.
YET AGAIN ... THE THIN END OF THE WEDGE !!!
If you need to examine the answer to decide if the answer is correct or not then AI is useless !!!
AI is sold as being able to give people who 'do not know' the 'correct' answer.
As more and more people use AI the number of people who 'do not know' increases and NOT all of them WILL be able to filter out the 'correct' answers.
The 'interWebs' are already full of bad data and mis-informed opinion that is taken as fact/truth, Current AI is not improving the situation.
People who are able to filter out the bad answers 'NOW' should NOT not be fooled into giving credence to AI, as it encourages other not so gifted to accept the answers from AI as 'good.
You should use your ability to recognize the flaws and weaknesses of AI to educate the masses to the scam that is being perpetrated.
AI is not going to improve as it is NOT intelligent, therefore we are hoping for better 'Clever pattern matching' to somehow happen and improve to the level that the 'wrong' answers are removed.
Hope, in this instance, is magical thinking !!!
If this level of 'almost but not quite correct' guesswork is allowed to be accepted as AI, and is further pushed on the masses, we are responsible for a societal harm that we may never recover from.
The greed of the Tech Behemoths behind this scam is out of control, it must be constrained before it is too late !!!
:)
Exactly. If you cannot be sure whether what came out of AI is any good or not, there's no point having the AI; because you had to get the right answer using traditional methods anyway just to check the AI answer, so you might as well never have bothered with the AI!
It's like having a faster-than-light communication channel and the only way to check for errors being to use a separate, slower-than-light back channel.
If you are Google you have unlimited resources and can deal with AI noise, so let them carry on with the bounties.
When it comes to smaller/FOSS projects, most people will report bugs because it is the right thing to do and because they care about good software.
No bounties, no AI noise.
"All of these feelings can add to burnout of likely highly trusted contributors to open source projects.
Are you sure that is not the point?
<tinfoil_hat>Say, for example, some hypothetical less-than-ethical for-profit software firm decides that maybe Python is a competitor to a scripting language that said less-than-ethical firm charges for. This less-than-ethical firm could turn its own AI on to SPAM the livin' shit out of the Python devs so as to tie them in knots, all the while the same less-than-ethical firm's Marketing department starts blathering to the rooftops about how Python is so unreliable, or insecure, see all these bug reports that are going unanswered, while our less-than-ethical firm's Python wannabee, uh... competitor doesn't have anywhere near this number of problems.</tinfoil_hat>
Any resemblance between the above scenario and any real persons or firms, living or dead, is purely coincidental. (But if it weren't coincidental, you could probably guess who that person or firm was. And, as Malcolm Nance likes to remind us," Coincidence takes a lot of planning".)
The entire mechanism for transferring files using web protocols is a perverted form of FTP, one of those "quick and dirty" hacks that's persisted because everybody needs something like this but nobody seems able to think up a simple, reliable, secure and efficient mechanism to do the job. But since its so widely used any replacement mechanism should conform to the existing API regardless of what's going on underneath.
Look, I know curl is simple and convenient, I use it myself. Its also horribly inefficient and has all the potential security issues that come with web protocols. All I'm saying is that all too often we'll take a quick and dirty implementation of something and then it gets used for all sorts of things it was never designed for and being stretched, extended, patched, re-patched in the process until it becomes a mountain of kludges.
Have you ever stopped to ask what those characters at the top of a web page actually mean? Have you ever asked yourself how this maps onto network traffic?
> a perverted form of FTP
Well, yes, it does do TFTP as well:
From cURL man page
curl is a tool for transferring data from or to a server using URLs. It supports these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS.
Sorry, what was your point supposed to be about why we shouldn't be using cURL?
If you do happen to have a better protocol up your sleeve, please share it with us - as soon as it proves its worth enough to get a URL prefix, guess which tool will allow us mere mortals to make easy use of it...
> any replacement mechanism should conform to the existing API regardless of what's going on underneath
Yup, as you say, the same API (cURL and/or libcurl) will play the role.
Definitely a misued tool. Use AI to find some code tro take a look at? Sure. Autofile a bug report? Well, no, at least make sure it's not hallucinating non-existant code, or code from an out of date version, or that the report ultimately makes sense.
Perhaps a solution would be to have the bounty, BUT subtract off the payment for invalid bug reports (no, paying a deposit to report bugs or a fine expecting to be paid won't work. But getting nothing if you spray them with invalid bug reports and happen to get one valid one would stop this behavior in it's tracks I think.)
The tool is misdesigned, not merely 'misused'. If LLM companies truly cared about building a responsible tool, it wouldn't have a conversational interface that does its damnedest best to make it feel like you're talking to a human. But it does, and that should tell you a lot about what these tools are really meant to be used for; and it isn't anything responsible.
The problem is, they can do - at least, they can provide something that *looks* like a PoC, complete with code and shell script to run it.
Then the triage team wastes time building it, checking the script to see it it is going to try the old "rm -r /"...
Same result, maintainer's time wasted, maybe even worse because it looked sort of more convincing so they dutifully persisted with the compile errors "because the environments were not identical"...
and the bar increases.
- a Dockerfile
- that can be built with "docker build ."
- that demonstrates the problem when you execute it
This isn't a complete solution, but ? A start? what are the drawbacks?
Some will claim it only happens on third party services that they can't docker-ize, but for things like an HTTP/3 vulnerability in a CLI app, it seems reasonable that it can be dockerized. Reporters will complain about the extra effort, but honestly unless they're including a potential patch they're shifting work - and validation work. [Valid] Security reports will be fewer, but that's the trade-off . . .
Maybe this will result in 100x LD_PRELOAD=... causing memory errors, "See look, it's a memory corruption bug that crashes the program!"
Agreed, it is a burden.
(Just a note: I don't have a public bug tracker. I'm not a curl dev, and *way* too many real bugs in the projects that I make for myself!)
Considering the public bug tracker, should they make it not public? Stop accepting bugs from the public? Or, close it and switch to mailing list reports only? In the case of spam bug reports coming to the mailing list, should they move the mailing list private as well?
It seems like the maintainer(s) are taking that the stance that Not Nothing will be done, so something is going to change. But: what's an appropriate bar to set to exclude bogus, grammar-correct, casual-glance logically correct submissions?
Requiring a dockerfile with bug reports would result in fewer legitimate bug reports. Perhaps those devs would find a way to work-around the problem, maybe raise it on a bunch of forums, until word-of-mouth gets back to a dev and it gets fixed. Probably, `curl` in particular is too ubiquitous and necessary for it to actually go away as a project, so from here . . . what are the options? What other options can others use, other than Microsoft's "Send us a video"?
I recently had a bug with a piece of software or module, can't remember which. I went onto the bug report website to be faced with a zillion (ok exaggeration) questions, most of which were irrelevant to the issue. They wanted endless logs etc. It was a simple issue, a 3rd party library dependency warning. It worked, just kept complaining I didn't have an old enough library. I wanted to say hey are you aware but gave up. Ironically the software I was installing was part of an AI setup.
Offering rewards for bug reports is probably going to cause problems with AI, maybe give people the option of requiring lots of logs, video etc if after a prize. If just being a good citizen a box to tick so it's more freeform. It can be as useful to have a thousand simple reports as one detailed. At least you know there is a real issue affecting lots of people to focus on.
I "love" the way you can get an AI to change its opinion.
For example, I recently asked a well-know one to give me an example for MISRA C Rule 15.2. It replied that the rule stated "An unconditional break or continue shall not be used."
Wrong! When I told it so, it "changed its mind" and declared that it meant to say "The goto statement shall jump to a label declared later in the same function", which is correct. However, it then proceeded to give non-compliant and compliant examples that were exactly the same.
And people actually let these things write code or find vulnerabilities?
is this:
"AI reports look legitimate at first, but take time to reveal issues like hallucinations."
It indeed looks legit. until you realize it's BS, and will have wasted your time.
Anyone who is sending me something, those days, which is AI generated without telling me has their reputation score down to literally 0 for me.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
