> Open source software projects, which power the vast majority of the internet's infrastructure, are now beleaguered by constant slop code submissions being made by automated AI code agents.
I think the era of trash submissions in order to try to squeeze some prize money some of the time has gone.
AI-powered vuln reports I get on my FOSS project for the last few months have been accurate, scary and valuable. It will vastly improve security, if you survive the next months un0wned.
@hopeless
Curl shut down its bounty program, because of those slop squeeze reports.
So your experience is not a universal one.
https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/

tldr: an attempt to reduce the terror reporting. There is no longer a curl bug-bounty program. It officially stops on January 31, 2026. After having had a few half-baked previous takes, in April 2019 we kicked off the first real curl bug-bounty with the help of Hackerone, and while it stumbled a bit at first …
Put this another way: projects that monetize bug reports find it attracts flies. When they stopped waving money at the problem, the problem went away. No money on offer in the first place? No flies.
Also, the reason I say that era is over is that the AI tools were markedly less good 6 months ago, during the time of the bug spam. Now, they are producing on-point, terrifyingly accurate results. Maintainers receiving these are too busy shitting themselves to complain.
@dzwiedziu @anildash Could you calm down a bit, mate?
At least some of the "security researchers" handing me red hot potatoes are paid for by a FAANG company. They're not just doing it for me because I'm so likeable, or because they are either, but I would assume for anyone producing code they're shipping. And they ship a lot of liberally licensed FOSS.
The people handing the bombs out are humans... they seem to have invested in their own pipeline using commercial AI and are doing well.
@hopeless
Okay “mate”, if you're trying to pin me as someone not being calm when asked for data, I will just walk away and assume that there is not a *broad* stream of *valid* slop-generated bug reports.
(So we're clear, because I'm feeling that I have to: that does not deny that there is a broad stream of *invalid* and bad-faith slop-generated reports.)
Bro... I certainly don't care what you believe... you are very welcome to continue to believe whatever makes you happy.
Of course if that's unrelated to what is actually happening in the world, it makes it pointless to talk to you.
Have a nice rest of your day.