just read Daniel Stenberg’s latest update on the cURL project and it’s honestly depressing.

For those who missed it, they’re basically being DDoSed by AI-generated bug reports. People are just prompting LLMs to "find vulnerabilities in this code" and then copy-pasting the hallucinated garbage into their bounty program, hoping for a quick payday.

It’s reached a point where maintainers are spending more time debunking "AI slop" than actually writing code.

Is this the future of open source? If we don't find a way to filter this noise, we’re going to lose the human maintainers who actually keep the internet running. I'm curious to hear from the devs here—are you seeing this in your own repos yet? Or is it time to start banning any report that smells like it came from an LLM?

just read Daniel Stenberg’s latest update on the cURL project and it’s honestly depressing.
For those who missed it, they’re basically being DDoSed by AI-generated bug reports. People are just prompting LLMs to "find vulnerabilities in this code" and then copy-pasting the hallucinated garbage into their bounty program, hoping for a quick payday.
It’s reached a point where maintainers are spending more time debunking "AI slop" than actually writing code.
Is this the future of open source? If we don't find a way to filter this noise, we’re going to lose the human maintainers who actually keep the internet running. I'm curious to hear from the devs here—are you seeing this in your own repos yet? Or is it time to start banning any report that smells like it came from an LLM?