Stop using AI to submit bug reports, says Google
Summary
Google will no longer accept AI-generated bug submissions to its Open Source Software Vulnerability Reward Program due to low quality and frequent hallucinations. The Linux Foundation is also overwhelmed by AI-generated reports and has received $12.5 million in funding from AI companies to develop tools for managing this influx and improving open-source security.
IFF Assessment
The proliferation of low-quality, AI-generated security reports is overwhelming security teams and diverting resources from genuine threats.
Defender Context
This highlights a growing challenge for security teams: the noise generated by AI-assisted tools. Defenders need to be vigilant about distinguishing genuine security issues from AI-generated noise and should advocate for better filtering mechanisms and processes for vulnerability reporting.