@LukaszOlejnik
https://mastodon.social/@bagder/114450295029056683

@LukaszOlejnik it’s amazing what they are getting- takes hours of trying and failing to reproduce before concluding it’s complete bs. @GossiTheDog

@LukaszOlejnik AI is today's Soylent Green

@LukaszOlejnik Completely understandable. I believe this has to do with the mythologization of AI. People seem to believe AI is the Magic Tool That Solves All Problems. 🙄

On #Codeberg, we recently got spammed with obvious fake bug reports that appear to be written by LLMs. Thankfully, moderation deleted all of it at lightning speed. 👍

Conspiracy theory: Maybe this is what happend to curl as well. I.e. it's actually a *deliberate* spam attack to troll the devs and waste time.

@LukaszOlejnik It's funny because this is what I hear is one of the valid uses of AI in coding. But If it is this bad, then it seems like it adheres to the general impression I have of people coding with AI: They are trying to plow through without the normal work to gain the skills to do their work, and without due dilligence, and it works out poorly.

@LukaszOlejnik If I click on the reporter's username, there is a list of "closed bugs" together with dollar amounts. Is this money paid out?

If so, the slop is profitable, so it won't go away.

@LukaszOlejnik not done wondering why I got blocked for this, still seems quite accurate...

https://hespere.de/@hllizi/114427186083498772

@LukaszOlejnik Why do you accept reports via this service at all? Or is direct e-mail also filled with such broken reports?

@LukaszOlejnik awesome. Everyone should follow.

@LukaszOlejnik
"If we could, we would charge them for this waste of our time"

OK, why NOT charge a nominal fee? I'd be perfectly happy to pay $0.50 per instance to report bugs or vulnerabilities to an organization I trusted to pay attention to them. (Especially if they refund the toll less processing fees if the report was worthwhile.)

No responsible bug-finder is going to run up a significant bill in this way, but the AI idiots certainly will. Especially if you increase the reporting fee for each successive report from the same source (or the same credit card number) in a given time period. Waive the fees for known-reliable researchers who can be relied on to provide only meaningful submissions.

This is obviously not a wonderful solution, but it is A solution to an otherwise intractable problem, and, crucially, it turns the economy of scale back on the report-spammers.

@LukaszOlejnik Can't hackerone make submitter pay a submission fee?

@LukaszOlejnik …and I thought beg-bounties were annoying

@LukaszOlejnik

Folk may be interested in following @bagder , author of the post in the screenshot.

@LukaszOlejnik They spam them everywhere too. I have a fairly small website and never got a bug report before, but I did set up security.txt. Got submitted a generic clearly AI generated, and of course, inaccurate report. Made me want to pull the security.txt but fortunately it's just one so far

@LukaszOlejnik This will keep getting worse, as bug reports are perfect an attack surface to try and inject backdoors into apps.
Unfortunately, also the models themselves will keep increasingly attacked as people find ways of injecting backdoors into their training data.

@LukaszOlejnik The only thing that concerns me there is the "that we deem" part.

I absolutely want to see this situation resolved for them, but if they start straight up banning anyone who doesn't write "well enough" that's a problem too. It's not just a rejection of the report, but a full on ban they're talking about.

Sorry you have deal with this.. AI is already destroying so much without any robot needed @bagder

@LukaszOlejnik