A torrent of AI submissions forced open source project CURL to scrap its bug bounty program – maintainer claims they’re removing the “incentive for people to submit crap”

A popular open-source data transfer service, Curl, has scrapped its bug bounty program due to an influx of AI-generated 'slop' contributions. The maintainer, Daniel Stenberg, revealed that 20 submissions were recorded in 2024, none of which identified a concrete vulnerability. The decision to shut down the program aims to reduce the noise and number of AI-generated reports, as the high volume of submissions was placing a 'high load' on the security team.