Nextcloud has joined a growing list of projects, including Curl, that have ended their bug‑bounty partnerships with HackerOne due to an unmanageable surge of low‑effort, AI‑generated security reports. I received the fol…
Nextcloud has joined a growing list of projects, including Curl, that have ended their bug‑bounty partnerships with HackerOne due to an unmanageable surge of low‑effort, AI‑generated security reports. I received the fol…
I maintain a library that is used quite a bit and I had to turn off github issues because AI bots are trying to push reporting security vulns…in a library that has no dependencies. Or AI that is setup to waste time by asking pointless questions that do not pertain to the library. The library is literally two files. Technically 3 if you include the tests.
I moved my library over to codeberg recently. So much better of an experience. Its really too bad, I have 15+ years in Github but the AI bots are going to push me out.
If AI can finally kill Github and get repos to move to open-source alternatives, maybe AI isn’t that bad after all.
Hopefully forgejo will have federation released soon which will make interacting across projects easier. Although maybe that will just encourage the bots to use it, so can’t win really.
I think there can be a difference. github encourages this behavior, even provides the tools for it. but if the forgejo community stands strongly against it from the beginning (users reporting true slop, moderators deleting and banning them, admins defederating from intentional slop sources), then maybe that kind will stay away from the platform