39 comments

[ 2.4 ms ] story [ 60.9 ms ] thread
I think eventually all OSS projects/repos will suffer with this.

My bet is that git hosting providers like GitHub etc. should start providing features to allow us for better signal/noise ratio

For all the discussions about the slopification of the internet, the human toll on open source maintainers isn’t really talked about. It's one thing to get flooded with bad reports; it's another to have to mentally filter AI-generated submissions designed to "sound correct" but offer no real value. Totally agree with the author mentioning the emotional toll it takes to deal with these mind-numbing stupidities.
Maybe instead of trying to detect LLMs, would a better strategy be to try and detect inconsistent or self-contradictory reports? The reports we see here seem to unravel at some point, either leaving out crucial information, such as code location or steps to reproduce, while insisting the information is present - or straight-up claiming things about a code location that are not there.

Such as the buffer length check in [1] where the report hallucinated an incorrect length calculation and even quoted the line, then completely ignored that the quoted line did not match what the report was talking about and was in fact correct.

So essentially, can we put up a gaslighting filter?

It seems like those kinds of inconsistencies could be found, ironically, by an LLM.

[1] https://news.ycombinator.com/item?id=44561058

Oh god, going through some of the reports listed on the bottom of the page feels like a nightmare. I cannot imagine how it is for the actual maintainers.

I wonder what's the solution here. You need to be able to receive reports from anyone, so a reputation based system is not applicable. It also seems like we cannot detect whether a piece of text was generated with LLM..

Why reputation is not applicable. Arrange for whitelist off-channel and then submit your requests. I think that reputation and non-anonymity is the only applicable way forward.

And when i say "non-anonymity" i don't mean "public". You can be non-anonymous with one person not the whole world.

> Maybe we need to drop the monetary reward?

That would likely fix some of it, but I suspect that you'd still get a lot, anyway, because people program their crawlers to hit everything, regardless of their relevance. Doesn't cost anything more, so why not? Every little hit adds to the coffers.

Sort of separate but perhaps also relevant to the thousands cuts/slops: Isn't the scope of curl/libcurl a bit too big?

It supports almost every file-related networking protocol under the sun and a few more just for fun. (https://everything.curl.dev/protocols/curl.html)

Meanwhile 99.8% of users (assuming) just use it for HTTP.

Here's a few complex protocols I bet many do not know that curl supports:

- SMB

- IMAP

- LDAP

- RTMP

- RTSP

- SFTP

- SMTP

At the very least, this magnifies the cost of dealing with AI slop security reports and sometimes also the risk for users.

> The length check only accounts for tmplen (the original string length), but this msnprintf call expands the string by adding two control characters (CURL_NEW_ENV_VAR and CURL_NEW_ENV_VALUE). This discrepancy allows an attacker ...hey chat, give this in a nice way so I reply on hackerone with this comment

Ohhh, copy and pasted a bit too much there.

And it's not just vulnerability reports that are affected by this general trend. I use social media, X specifically, to follow a lot of artists, mostly for inspiration and because I find it fun to share some of the work that other artists have created, but over the past year or so I find that the mental workload it takes for me to figure out if a particular piece of art is AI-generated is too much and I start leaning into the safe option of "don't share anything that seems even remotely suspicious unless I can verify the author".

The amount of art posts that I have shared with others has decreased significantly, to the point where I am almost certain some artists who have created genuine works simply get filtered out because their work "looks" like it could have been AI-generated... It's getting to the point where if I see anything that is AI it's an instant mute or block, because there is nothing of value there - it's just noise clogging up my feed.

> charging a fee [...] rather hostile way for an Open Source project that aims to be as open and available as possible

The most hostile is Apple where you cannot expect any kind of feedback on bug reports. You are really lucky if you get any kind of feedback from Apple.

Getting good feedback is the most valuable thing ever. I don't mind having to pay $5/year to be make reports if I know I would get feedback.

(comment deleted)
Make a private program with monetary rewards and a public program without. Invite only verified researchers.
These AI reports are just an acceleration of the slop created by similar human “researchers”. The real root cause of this is that most security “professionals” have been trained to do the bare minimum of work and expect a payday from it.

There’s an entire industry of “penetration testers” that do nothing more than run Fortify against your code base and then expect you to pay them $100k for handing over the findings report. And now AI makes it even easier to do that faster.

We have an industry that pats security engineers on the back for discovering the “coolest” security issue - and nothing that incentivizes them to make sure that it actually is a useful finding, or more importantly, actually helping to fix it. Even at my big tech company, where I truly think some of the smartest security people work, they all have this attitude that their job is just to uncover an issue, drop it in someone else’s lap, and then expect a gold star and a payout, never mind the fact that their finding made no sense and was just a waste of time for the developer team. There is an attitude that security people don’t have any responsibility for making things better - only for pointing out the bad things. And that attitude is carrying over into this AI slop.

There’s no incentive for security people to not just “spray and pray” security issues at you. We need to stop paying out but bounties for discovering things, and instead better incentivize fixing them - in the process weeding out reports that don’t actually lead to a fix.

How about only sending submissions to humans if they include a reproducible test case? Actual compilable source code + payload that reproduces an attack. Would this be too easily gamed by security researchers as well?
The obvious way forward is to have AI do an initial vet, and ideally create an exploit before a human reviews.
As the only developer maintaining a big bounty program. I believe they are all trending downward.

I've recently cut bounties to zero for all but the most severe issues, hoping to refocus the program on rewarding interesting findings instead of the low value reports.

So far it's done nothing to improve the situation, because nobody appears to read the rewards information before emailing. I think reading scope/rewards takes too much time per company for these low value reports.

I think that speaks volumes about how much time goes into the actual discoveries.

Open to suggestions to improve the signal to noise ratio from anyone whose made notable improvements to a bug bounty program.

Putting on my tinfoil hat, I wonder if some of that slop might be coming from actual black-hat groups or state actors - who have an interest in making it harder to find and close real exploits.

Those people wouldn't care about the bounty, overwhelming the system would be the point.

I think those people are busier overwhelming other, bigger systems right now, but it's a fair point. I daresay when you get down to a real salt-the-earth destroy-everything point, open source projects can expect destruction by the same people.

To say nothing of the uses of real exploits: that's salient.

You could charge a fee and give the money back if the report is wrong but seems well-intentioned.

I see the issue with this, it's payment platforms. Despite the hate, cryptocurrency seems like it could be a solution. But in practice, people won't take time to set up a crypto wallet just to submit a bug report, and if crypto becomes popular, it may get regulations and middlemen like fiat (which add friction, e.g. chargebacks, KYC, revenue cuts).

However if more services use small fees to avoid spam it could work eventually. For instance, people could install a client that pays such fees automatically for trusted sites which refund for non-spam behavior.

Charging a fee to submit a bug report raises the barrier to entry and will reduce the amount of effort people are willing to spend. Which can be a net positive - charging $100 to be able to submit an app to Apple's app store helped prevent a lot of spammy low-effort iFart apps in the early days.
Takes all the self-control I have not to make a crude joke about the title
Some of these AI slop report exchanges are absolutely hilarious. Love seeing people caught red handed then trying to play it off.. This is why Vulnerability Research needs more gatekeeping.
(comment deleted)
You could require that submissions include an expletive or anything else that LLMs are sanitized to not produce. With how lazy these people are that ought to filter out at least some of them.
They are lazy up until they lose money if they don't do something. So if this was the only way to submit the reports, they'll find a way to prompt-hack the LLM to produce the expletive.

...or, just add it to the generated text themselves.

AI slop is rapidly destroying the WWW, most of the content is becoming more and more low-quality and difficult to tell if its true or hallucinated. Pre-AI web content is now more like the golden-standard in terms of correctness, browsing the Internet Archive is much better.

This will only cause content to go behind pay-walls, allot of open-source projects will be closed source not only because of the increased work maintainers have to do to not only review but also audit patches for potential AI hallucinations but also because their work is being used to train LLMs and re-licensed to proprietary.

Maybe a curl Patreon for would-be H1 contributors? Just need to figure out a donation amount that is trivial for legitimate security researchers, but too rich for spammers.