89 days into the year, the #curl project has received 72 security reports on Hackerone and ten additional ones over other channels. Close to one a day on average.

Compared to 2024, this is roughly 4x the volume.

The "obviously AI slop" rate has drastically gone down but the rate of actual vulnerabilities is below 10%.

We continue to spend a significant amount of time and effort on security.