Daniel Stenberg, founder of open-source project curl, says easy access to LLMs is resulting in junk AI-assisted bug reports, wasting developer time and energy
The rise in spam for everyone who accepts submissions is also a massive problem. … @bagder@mastodon.social : When people respond in negative ways on my blog, I always struggle with where the line is when to just delete it. — I can take that people have other viewpoints and might not like me or my blog posts. Some comments are just... weird. — https://daniel.haxx.se/... PulkoMandy / @pulkomandy@mastodon.tetaneutral.net : @manchicken @bagder LLMs makes these fake reports easier to produce in large quantities. Even if it only work 0.01% of the time, if you can cheaply generate thousands of reports, and just one or two of them get you a reward, it can be worth doing. — This is already how it works for email scams. … Mike Stemle / @manchicken@hachyderm.io : @bagder It's really disappointing how much AI-generated crap is out there. Do you think folks actually expect you to pay for these trash findings? Also, have you seen any examples of findings reported with AI that _weren't_ trash? — I can think of some things where AI could help accelerate things, but it seems limited presently. … Jeff Graham / @jgraham909@mastodon.social : @bagder thanks for sharing your perspective and experience. Unfortunately, “like for the email spammers, the cost of this ends up in the receiving end” really captures the situation quite well. — Hopefully it also forces some to reflect that tech without adequate guardrails and protections … Dr. jonny phd / @jonny@neuromatch.social : LLM-generated bug bounty manipulation, yet another demonstration of the fact that the space of “good” uses of LLMs for programming is very small compared to the vast ocean of adversarial uses. The tab is being called on all the technical debt we've accumulated in our systems of trust, and the high cost of “openness” without trust gets clearer every day. … X: Liam Proven / @lproven : The “i” in LLM stands for “intelligence” https://daniel.haxx.se/... (from the author of cURL) LLM bot-generated bug reports are a big and growing problem, from opportunists seeking money rewards. @giskard23 : This is great stuff from @bagder - my favourite bits are the knee jerk comments on the site. The hallucinated post-truth world we live in is NOT progress but technological dystopia. Clippy's revenge is how we'll all go to (digital) hell. #llm #fail https://daniel.haxx.se/... Lars Juhl Jensen / @larsjuhljensen : “Better crap is worse”. This is an excellent point that generalizes beyond bug reports. The better the crap, the longer it takes to figure out that it is indeed crap and should have been treated as such from the start. https://daniel.haxx.se/... Reyna / @reynavix : It seems people are using LLM's to generate vulnerability reports in the hope of getting bug bounty money. The result is that the maintainers have to spend more time analyzing the report before dismissing it. I want to get off Mr. Bones' wild ride. :< https://daniel.haxx.se/... LinkedIn: Lars Juhl Jensen : “Better crap is worse”. This is an excellent point that generalizes beyond bug reports. The better the crap, the longer it takes to figure … Forums: Hacker News : AI generated security reports about curl Slashdot : AI-Assisted Bug Reports Are Seriously Annoying For Developers BeauHD / Slashdot : AI-Assisted Bug Reports Are Seriously Annoying For Developers