Sara Golemon4d ago

RE: https://mastodon.social/@bagder/116238308017724408

AI is not your friend, buddy.

Show threadSarah Savage
@pollita @bagder I wanted to read that article but alas it’s a video. I wish it had a transcript.
Mar 23 at 12:07amWeb
Show threadSara Golemon4d ago

@sarah @bagder "Hey grok, generate a transcript of the video above."

Ow! Ow! Stop! It was a joke! A JOKE!!

Show threadMatt Brown4d ago

@sarah @pollita Here's Daniel's initial blog post on the matter: https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/

In the hands of experts, proprietary LLM-assisted security analysis caught 50 bugs/vulnerabilities in Curl: https://daniel.haxx.se/blog/2025/10/10/a-new-breed-of-analyzers/

But commercially-available LLMs make it easy for clueless grifters to submit HackerOne reports, so they had to shut down the whole thing.

The end of the curl bug-bounty

tldr: an attempt to reduce the terror reporting. There is no longer a curl bug-bounty program. It officially stops on January 31, 2026. After having had a few half-baked previous takes, in April 2019 we kicked off the first real curl bug-bounty with the help of Hackerone, and while it stumbled a bit at first … Continue reading The end of the curl bug-bounty →

daniel.haxx.se
Show threadSarah Savage3d ago

@mattbrowndev @pollita thanks! I am really sad to hear that slop has been such a problem.

When I use AI I know its limits and use my own expertise to verify its outcomes. But I can see where slop is a real issue.