cURL Ends Bug Bounty Program After Drowning in AI-Generated Slop Reports

The cURL project has shut down its bug bounty program, citing an unmanageable flood of AI-generated vulnerability reports that waste maintainer time — a concrete signal that AI slop is now a real operational problem for open-source infrastructure.