Death by a Thousand AI Slops: How Fake Bugs Are Killing Bug Bounties
AI-generated fake vulnerability reports are proliferating, leaving open source projects and security research mired in meaningless noise. 2025-7-20 05:3:39 Author: infosecwriteups.com (view original)

Aaron

“If this continues, we’ll drown. Not in bugs — but in nonsense.”

When AI Hunts Bugs That Don’t Exist: The Rising Tide of Hallucinated Vulnerabilities in Security Research


That’s not the rant of a burned-out developer. That’s Daniel Stenberg, the creator and lead maintainer of curl — a tiny command-line utility you’ve probably never thought about, but one that quietly moves the internet every second of every day.

curl is everywhere. It’s in your terminal, your Docker containers, your apps, your APIs. It’s used by Google, Apple, Facebook, and thousands more. It's one of the quiet backbones of the internet.

So why is its maintainer sounding the alarm?

Because in 2025, something wild is happening: AI-generated bug reports are flooding open source projects — and it’s not helpful, it’s harmful.

If you haven’t heard of it before, HackerOne is a bug bounty platform. It’s a place where security researchers get paid to find vulnerabilities in real-world software. Companies use it to outsource some of their security testing to ethical hackers.


Article source: https://infosecwriteups.com/death-by-a-thousand-ai-slops-how-fake-bugs-are-killing-bug-bounties-e4a8803edab7?source=rss----7b722bfd1b8d---4