AI Slop Is Breaking Both Pillars of the Security Disclosure Economy
Something is shifting in security right now. AI code scanners and LLM-driven fuzzers have started spitting out hundreds of vulnerability candidates per day, and two of the field’s most sacred conventions are buckling under the weight at the same time: responsible disclosure and bug bounties. Both grew out of different philosophies, but both quietly assumed the same thing — that the bug on the table was found by a human who spent real time finding it. That assumption is no longer safe.
The Gentleman’s Agreement That Built Modern Security
Responsible disclosure took shape in the late 1990s as something close to a handshake deal. A researcher finds a flaw, tells the vendor first, and gives them time to patch — usually 90 days, a window Google’s Project Zero effectively canonized.
The model works on two preconditions. First, the volume of incoming reports has to be something a vendor can actually triage. Second, most reports have to be real. When humans were the bottleneck, both held by default.
Then the Models Got Good
GPT-5-class systems and purpose-built security LLMs can now ingest entire codebases and generate vulnerability reports on autopilot. A single researcher can produce hundreds of candidate findings in a day. The problem is that a startling share of them are wrong.
Open source maintainers were the first to scream. Daniel Stenberg, the lead maintainer of curl, has been openly furious for over a year about what he calls “AI slop” eating half his workday. The reports look legitimate at first glance — clean English, code snippets included, plausible structure. Dig in and the function signatures are wrong, the APIs don’t exist, or the control flow simply doesn’t make sense. The volume is the point. Even a 5% true-positive rate is unworkable when the denominator explodes.
Bug Bounties Take a More Direct Hit
If responsible disclosure is a problem of trust, bug bounties are a problem of money. Platforms like HackerOne and Bugcrowd run on one rule: pay for valid bugs. AI reports are warping that economy fast.
Triage costs are spiking. Finding one real vulnerability now means filtering through dozens of fabricated ones. Some companies have already paused their programs or added explicit clauses banning AI-generated submissions. Meanwhile, a handful of hunters who use AI well are climbing leaderboards by sheer throughput, multiplying their submission rates. Telling honest researchers apart from slop generators is getting harder by the month — and the platforms haven’t figured out how to score for it.
The Asymmetry Favors Attackers
Here’s the uncomfortable part. The biggest beneficiary of all this may be the attacker. While defenders burn cycles classifying garbage reports, attackers point the same AI tools at the same codebases and find real bugs to exploit before patches ship. The defender-attacker asymmetry that the disclosure economy was supposed to narrow is widening again.
Major vendors are scrambling. Some are demanding working PoC code as a baseline. Others are layering verification steps before a report even reaches a human triager. The catch: every barrier raised against slop also raises the barrier for the legitimate independent researcher who used to be the lifeblood of these programs.
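One concrete shape such a pre-triage step can take, as an added example that is not from the article or any of the programs it mentions: before a report reaches a human, check whether the identifiers and file paths it cites actually exist in the codebase, and whether it carries a reproduction section at all. Reports whose "function signatures are wrong" or whose "APIs don't exist" fail the first check, and the bare-assertion reports fail the second. The toy source tree, the three sample reports, the regexes and the routing thresholds below are all constructed for illustration; a real deployment would walk the project's checkout and tune the thresholds to its own false-positive tolerance.

```python
"""Pre-triage heuristic for incoming vulnerability reports (constructed example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed toy source tree: path -> file contents. A real check would
# index the project's actual checkout instead of this dictionary.
SOURCE_TREE: dict[str, str] = {
    "lib/url.c": """
int curl_url_set(CURLU *u, CURLUPart what, const char *part, unsigned int flags)
{
    return parse_url(u, part, flags);
}
static int parse_url(CURLU *u, const char *part, unsigned int flags) { return 0; }
""",
    "lib/http.c": """
size_t http_readwrite_headers(struct connectdata *conn, char *buf, size_t len)
{
    return len;
}
""",
}

# Identifiers the reporter wrapped in backticks, or anything written as a call: name(
IDENT_RE = re.compile(r"`([A-Za-z_]\w*)(?:\(\))?`|\b([A-Za-z_]\w*)\(")
# Path-like tokens ending in a source extension.
PATH_RE = re.compile(r"\b[\w./-]+\.(?:c|h|py|go|rs)\b")
# A reproduction section is the minimum evidence a human should be asked to look at.
POC_RE = re.compile(r"(?im)^\s*(?:poc|proof of concept|steps to reproduce)\b")
C_KEYWORDS = {"if", "while", "for", "return", "sizeof", "switch"}


@dataclass
class TriageResult:
    known_symbols: list[str] = field(default_factory=list)
    unknown_symbols: list[str] = field(default_factory=list)
    unknown_paths: list[str] = field(default_factory=list)
    has_poc: bool = False


def index_symbols(tree: dict[str, str]) -> set[str]:
    """Cheap token index: every identifier that appears anywhere in the tree."""
    symbols: set[str] = set()
    for text in tree.values():
        symbols.update(re.findall(r"\b[A-Za-z_]\w*\b", text))
    return symbols


def referenced_symbols(report: str) -> set[str]:
    """Identifiers the report claims exist, minus C keywords written as calls."""
    found = set()
    for m in IDENT_RE.finditer(report):
        name = m.group(1) or m.group(2)
        if name not in C_KEYWORDS:
            found.add(name)
    return found


def triage(report: str, tree: dict[str, str]) -> TriageResult:
    """Cross-check every cited symbol and path against the source tree."""
    known = index_symbols(tree)
    res = TriageResult(has_poc=bool(POC_RE.search(report)))
    for name in sorted(referenced_symbols(report)):
        (res.known_symbols if name in known else res.unknown_symbols).append(name)
    for path in sorted(set(PATH_RE.findall(report))):
        if path not in tree:
            res.unknown_paths.append(path)
    return res


def verdict(res: TriageResult) -> str:
    """Route: nothing checkable and no reproducer -> ask for a PoC;
    mostly non-existent identifiers or paths -> bounce; otherwise a human looks."""
    total = len(res.known_symbols) + len(res.unknown_symbols)
    if total == 0 and not res.has_poc:
        return "needs-poc"
    if (total and len(res.unknown_symbols) / total > 0.5) or res.unknown_paths:
        return "bounce-unverifiable"
    return "human-triage"


# Constructed sample reports.
REPORT_SLOP = """Heap overflow in lib/url.c
The function curl_url_parse_hostname() in lib/url.c copies the hostname into a fixed
buffer without calling curl_url_validate_len(). A long URL overflows it.
"""
REPORT_REAL = """Integer wrap in http_readwrite_headers()
Steps to reproduce:
Return a response where `len` wraps inside http_readwrite_headers() (lib/http.c).
"""
REPORT_VAGUE = "I think there might be a memory issue somewhere in the HTTP parser."

if __name__ == "__main__":
    for label, text in [("slop", REPORT_SLOP), ("real", REPORT_REAL), ("vague", REPORT_VAGUE)]:
        r = triage(text, SOURCE_TREE)
        print(f"{label:5} -> {verdict(r):20} unknown={r.unknown_symbols} poc={r.has_poc}")
```

The point of the design is that the check is cheap and mechanical, so it costs a maintainer nothing per report, yet it targets exactly the failure mode of fabricated reports: they name things that are not there. A bounced report gets an automated reply asking the submitter to point at real code, which a genuine researcher can answer in a minute and a slop generator typically cannot.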
Both Pillars Need a Redesign
Responsible disclosure and bug bounties have held up the security ecosystem for two decades. The fact that both are wobbling at once isn’t a policy bug to be patched — it’s a signal that the economics and ethics of vulnerability reporting need to be rebuilt from the ground up.
If you run an open source project or an internal security program, this is the question worth sitting with this week: would your process survive a world where half your weekly inbox is plausible-looking nonsense? And what signal, exactly, are you going to use to recognize the real researchers when the noise floor keeps rising?