
Bug bounty platforms are becoming overrun with fake vulnerability reports churned out by generative AI tools, undermining trust in disclosure processes and wasting the time of maintainers — sometimes even earning payouts for bogus submissions.
As highlighted in a Socket report, open source security researcher Harry Sintonen flagged a fraudulent vulnerability report submitted to the curl project via HackerOne, revealing a troubling trend of AI-generated bug reports he calls “AI slop.” These submissions mimic the structure and tone of legitimate disclosures but invent code functions, reference non-existent patches, and describe untestable vulnerabilities. The report in question, H1 #3125832, was quickly recognized by curl’s maintainers as nonsense. It cited fake commit hashes, referenced imaginary versions of components, and ultimately failed any attempt at reproduction.
The attacker behind the report, tied to the @evilginx account, appears to be submitting similar AI-generated reports to multiple organizations — and in some cases, receiving payouts. While curl’s team had the expertise to spot and reject the deception, many organizations aren’t so lucky.
Bug bounty programs were originally designed to crowdsource security expertise by rewarding ethical hackers for identifying real-world flaws. But as Sintonen notes, many organizations — especially smaller or less technical ones — lack the resources to rigorously validate every report. In some cases, it’s simply cheaper to approve a payout than to perform a deep-dive review. This creates a structural vulnerability in the system: AI tools can now fabricate plausible-looking reports at scale, exploiting that lack of triage capacity.
This isn’t an isolated case. Benjamin Piouffle, a software engineer at Open Collective, reports seeing a surge in AI-generated junk in their own inbox. “We’re managing to filter them because our reviewers are technical,” Piouffle said, but warns that this approach may not scale. Open Collective is now considering migrating to platforms like HackerOne with stricter submission controls, though doing so could make it harder for less experienced researchers to participate.
The issue is widespread across the open-source ecosystem. Seth Larson, Security Developer-in-Residence at the Python Software Foundation, notes that popular Python projects like urllib3 and pip are now regularly targeted with AI-generated reports based on automated scans. In one case, a report claimed a security issue with SSLv2 — even though the code in question was explicitly disabling it. These types of “slop” reports may appear legitimate at first glance but collapse under scrutiny.
The real cost of these reports isn’t just the occasional payout to a bad actor — it’s the cumulative burden on the triage process. Maintainers must waste hours debunking fabricated claims, while legitimate researchers may find it harder to get recognition amid the noise. As Sintonen points out, this could erode the entire bug bounty model: “Genuine researchers quit in frustration… Orgs abandon bug bounty programs… Financial support dries up.”
Platforms like HackerOne attempt to discourage abuse by limiting access for users who submit low-quality reports, but these deterrents may not be enough. In the curl case, the attacker voluntarily closed the report and marked it “Not Applicable,” skirting any reputation loss on the platform.
Ultimately, this is a human and organizational challenge. The technological tools exist to generate and detect slop, but the incentives to fix the problem are lacking. As long as it remains easier — or cheaper — to reward fake reports than to vet them properly, the problem will continue to grow.