daniel:// stenberg://15h ago
The AI slop security reporting is basically extinct. It almost does not happen anymore. At all.
Show threaddaniel:// stenberg://14h ago

I want to emphasize this because when I talk about AI security reports now, half my readers seem to believe those are AI slop. They're not. They are found with AI tools and normally high quality bug reports.

The weakest part is that they tend to overstress the vulnerability angle. Lots of them are well phrased bug reports that are still "just bugs".

Show threadUtopiah (Fabien Benetou)14h ago
@bagder "they tend to overstress the vulnerability angle." which I imagine is simply because that's what the prompt suggested.
Show threaddaniel:// stenberg://14h ago
@utopiah probably, but also because the AIs can't really tell
Show threadUtopiah (Fabien Benetou)
@bagder sure, ironically enough there is no "I" in AI.
9:50amWeb
Show threadMarcos Dione10h ago
@utopiah @bagder there's no irony at all, it's at minimum a marketing strategy.