cURL’s Daniel Stenberg: AI slop is DDoSing open source
Summary
Daniel Stenberg, creator of cURL, discussed the dual impact of AI on open source security at FOSDEM 2026. On the negative side, AI is enabling a flood of bogus, confidently written vulnerability reports—termed "AI slop"—which are draining maintainers' time and morale, leading him to halt cURL's bug bounty program to remove the financial incentive for this spam. Stenberg noted that the rate of accurate reports dropped from one in six to one in 20 or 30 due to this noise. Conversely, Stenberg highlighted that AI-powered analysis tools are proving highly effective, uncovering over 100 deep bugs in cURL that previous methods missed by reasoning across protocols and specifications. While he remains skeptical of AI for generating production code, viewing its suggestions as needing careful vetting, he stresses that AI is a tool whose ultimate impact—whether it aids in "terror reporting" or makes code measurably safer—depends on human choice.
(Source: The New Stack)