Nextcloud has joined a growing list of projects, including Curl, that have ended their bug‑bounty partnerships with HackerOne due to an unmanageable surge of low‑effort, AI‑generated security reports. I received the following email: Hi ph00lt0, Nextcloud is sending you a message about their program on HackerOne. Hello, We are writing to you because you have previously reported vulnerabilities to Nextcloud via HackerOne. Like many other software projects, we have been receiving an increasi...

Nextcloud has joined a growing list of projects, including Curl, that have ended their bug‑bounty partnerships with HackerOne due to an unmanageable surge of low‑effort, AI‑generated security reports. I received the fol…

  • darklamer@feddit.orgEnglish
    67·
    16 hours ago

    I too have started to receive such PRs to review and it’s soul crushing.

    – I don’t understand what you were thinking here, these changes make no sense to me, could you please be so kind and explain to me why you think this would be an improvement?

    – I don’t know, the LLM just suggested it.

    • timbuck2themoon@sh.itjust.worksEnglish
      19·
      13 hours ago

      What I don’t get is- these people are disingenuous or actually think theyre helping.

      Helping how? The owner of the repo can submit code to your bullshit machine the exact same way. What value are you producing?

      • SaharaMaleikuhm@feddit.orgEnglish
        9·
        10 hours ago

        The people doing this feel like it was their doing because they control the machine basically. This craving to produce something is strong in the ones who have no skills of their own. That’s why these PRs only ever come from absolutely incompetent buffoons.

      • darklamer@feddit.orgEnglish
        8·
        11 hours ago

        This remains a great mystery to me. As far as I can see, all they achieve is to waste time and resources for everyone involved, including themselves, without creating anything of value to anyone. It’s truly baffling.

        • SaharaMaleikuhm@feddit.orgEnglish
          4·
          10 hours ago

          It makes them feel good. Like they done something positive. It’s utterly pathetic and I despise these people with no skills, no ability to create anything of their own.

    • mesa@piefed.socialOPEnglish
      34·
      16 hours ago

      I maintain a library that is used quite a bit and I had to turn off github issues because AI bots are trying to push reporting security vulns…in a library that has no dependencies. Or AI that is setup to waste time by asking pointless questions that do not pertain to the library. The library is literally two files. Technically 3 if you include the tests.

      I moved my library over to codeberg recently. So much better of an experience. Its really too bad, I have 15+ years in Github but the AI bots are going to push me out.

      • OwOarchist@pawb.socialEnglish
        16·
        11 hours ago

        I moved my library over to codeberg recently. So much better of an experience. Its really too bad, I have 15+ years in Github but the AI bots are going to push me out.

        If AI can finally kill Github and get repos to move to open-source alternatives, maybe AI isn’t that bad after all.

      • vividspecter@aussie.zoneEnglish
        10·
        13 hours ago

        Hopefully forgejo will have federation released soon which will make interacting across projects easier. Although maybe that will just encourage the bots to use it, so can’t win really.

        • WhyJiffie@sh.itjust.worksEnglish
          4·
          8 hours ago

          I think there can be a difference. github encourages this behavior, even provides the tools for it. but if the forgejo community stands strongly against it from the beginning (users reporting true slop, moderators deleting and banning them, admins defederating from intentional slop sources), then maybe that kind will stay away from the platform