Death by a Thousand AI Slops: How Fake Bugs Are Killing Bug Bounties
Daniel Stenberg warns that AI-generated fake vulnerability reports are flooding open source projects and threatening security research. As the maintainer of the curl tool, he points out that these "hallucinated vulnerabilities" are not merely useless but actively harmful. Platforms such as HackerOne rely on security researchers finding real vulnerabilities to earn rewards, but AI-generated fake reports are disrupting that process. 2025-7-20 05:3:39 Author: infosecwriteups.com (view original)

Aaron

“If this continues, we’ll drown. Not in bugs — but in nonsense.”

When AI Hunts Bugs That Don’t Exist: The Rising Tide of Hallucinated Vulnerabilities in Security Research


That’s not the rant of a burned-out developer. That’s Daniel Stenberg, the creator and lead maintainer of curl, a tiny command-line utility you’ve probably never thought about, but one that quietly moves the internet every second of every day.

curl is everywhere. It’s in your terminal, your Docker containers, your apps, your APIs. It’s used by Google, Apple, Facebook, and thousands more. It’s one of the quiet backbones of the internet.

So why is its maintainer sounding the alarm?

Because in 2025, something wild is happening: AI-generated bug reports are flooding open source projects — and it’s not helpful, it’s harmful.

If you haven’t heard of it before, HackerOne is a bug bounty platform. It’s a place where security researchers get paid to find vulnerabilities in real-world software. Companies use it to outsource some of their security testing to ethical hackers.


Article source: https://infosecwriteups.com/death-by-a-thousand-ai-slops-how-fake-bugs-are-killing-bug-bounties-e4a8803edab7?source=rss----7b722bfd1b8d--bug_bounty