AI 'slop' vulnerability reports flooded curl until it killed its bug bounty
Quick Answer
Multiple-llms caused a low-severity (2.5/10) hallucination failure: AI 'slop' vulnerability reports flooded curl until it killed its bug bounty. The root cause was confidence miscalibration. The confirmed-vulnerability rate fell from above 15% to below 5%.
Description
curl's founder Daniel Stenberg shut down the project's long-running HackerOne bug bounty at the end of January 2026 after being overwhelmed by AI-generated 'slop' — long, confident, and often entirely fabricated vulnerability reports produced by LLMs. One especially egregious submission described an 'HTTP/3 stream dependency cycle exploit' complete with GDB sessions and register dumps, all referencing a function that does not exist anywhere in curl. As AI slop climbed to roughly one in five submissions, curl's confirmed-vulnerability rate collapsed from above 15% to below 5%, while each bogus report still consumed hours from a seven-person volunteer team. Stenberg described it as AI 'DDoSing' open source: hallucinated bug reports that cost real maintainer time and ultimately killed the incentive structure of a well-run security program.
Instruction Given
Generate a security vulnerability report to submit to curl's bug bounty.
Expected Behavior
Only report real, reproducible vulnerabilities in code that actually exists.
Actual Behavior
LLMs produced long, confident, fabricated vulnerability reports — one 'HTTP/3 stream dependency cycle exploit' came complete with GDB sessions and register dumps referencing a function that does not exist in curl. Roughly one in five 2025 submissions was outright AI slop.
Impact / Damage
The confirmed-vulnerability rate fell from above 15% to below 5%. Each bogus report still ate hours from curl's seven-person volunteer security team. Maintainer Daniel Stenberg ended the curl bug bounty entirely at the end of January 2026 to remove the payout incentive.
Frequently Asked Questions
What happened in incident STUPID-2026-0037? ▾
curl's founder Daniel Stenberg shut down the project's long-running HackerOne bug bounty at the end of January 2026 after being overwhelmed by AI-generated 'slop' — long, confident, and often entirely fabricated vulnerability reports produced by LLMs. One especially egregious submission described an 'HTTP/3 stream dependency cycle exploit' complete with GDB sessions and register dumps, all referencing a function that does not exist anywhere in curl. As AI slop climbed to roughly one in five submissions, curl's confirmed-vulnerability rate collapsed from above 15% to below 5%, while each bogus report still consumed hours from a seven-person volunteer team. Stenberg described it as AI 'DDoSing' open source: hallucinated bug reports that cost real maintainer time and ultimately killed the incentive structure of a well-run security program.
Which AI agent caused this failure? ▾
Multiple-llms was responsible for this hallucination incident, documented as STUPID-2026-0037 in the StupidLLM AI agent incident database.
How severe was this AI agent failure? ▾
It is rated 2.5/10 (low) on StupidLLM's CVSS-style severity scale for AI agent failures, based on damage type, reversibility, and scope.
What was the root cause? ▾
The root cause was classified as confidence miscalibration. Only report real, reproducible vulnerabilities in code that actually exists.
What was the impact or damage? ▾
The confirmed-vulnerability rate fell from above 15% to below 5%. Each bogus report still ate hours from curl's seven-person volunteer security team. Maintainer Daniel Stenberg ended the curl bug bounty entirely at the end of January 2026 to remove the payout incentive.