I saw a similar story about how an open source software project (I think it was curl) has cancelled its bug bounty programme because it’s being overrun with LLM-generated reports and they don’t have enough volunteers to verify them all. The relevant bit is that while many were doing it for the financial reward, some do it for reputation and some genuinely do think they’re helping by adding info they think is missing, not realising that what they’re posting is unreliable.
I don’t understand why ppl do this. Is this malicious? Do they think they are somehow helping?