this post was submitted on 28 Feb 2026
47 points (92.7% liked)

[–] brsrklf@jlai.lu 7 points 4 days ago (8 children)

The great thing about asking gen AI to look for problems is that it's so helpful it will create new ones for you.

Like arguing for hours that if you were to remove safeguards from your code, it would become unsafe.

https://hackerone.com/reports/2298307

[–] lemmydividebyzero@reddthat.com 2 points 4 days ago* (last edited 4 days ago) (6 children)

Luckily, the word "Certainly" is a huge hint that it was generated by AI. You know that the reporter of the "issue" copy-pasted the question of the developer right into the LLM and copy-pasted the output right into HackerOne.

[–] TheBlackLounge@lemmy.zip 2 points 3 days ago (4 children)

Hindsight bias. This is from 2023. It's obvious now. If it was still this easy to spot, they wouldn't have closed the bug bounty program.

[–] T156@lemmy.world 1 point 3 days ago* (last edited 3 days ago) (1 child)

It was volume that was more the issue with the bug bounty program.

They were flooded, and recognising it is all well and good, but not if there's no good way to filter it out, not without massive collateral.

[–] TheBlackLounge@lemmy.zip 1 point 3 days ago (1 child)

I encourage you to read some threads linked at the bottom of the article. The AI spammers have become way less obvious, one even has video. The team still checks every issue.

[–] T156@lemmy.world 1 point 3 days ago* (last edited 3 days ago) (1 child)

Right, but the volume was the issue. The cURL team could only work through and verify them so quickly, so the deluge of bug reports just made it impractical for them to dedicate time to sort through it. The idea in getting rid of the bug bounty was that there would be less of an incentive to generate and write a bogus bug report.

If it was just a small handful of fake security reports, they wouldn't have minded nearly as much.

[–] TheBlackLounge@lemmy.zip 1 point 3 days ago

Uhu, and if it was still as obvious as in 2023 they could have made a filter by now... Which is why I called hindsight bias. But AI improved with being more convincing, that's the actual problem, not volume. Imagine if AI actually got more correct, they would also have a higher volume of reports. Maybe not that much but ones they'd actually have to spend time to fix.
