Curl Up and De-AI*: Defending FOSS Projects and Communities Against the Rising Tide of Slop

*This is a nod to the English colloquialism "curl up and die"

1) Why not use AI to generate a list of suggested titles? 😅

To be honest these kind of inspiration are one of the few use cases where I find AI actually helpful.

I'm thinking something punning on bugs and plagues, trolls equipped with AI bludgeons. Flattening CURL: Timewasting trolls and the AI bug report barrage.
Curl in the Time Of Plague: Responding to AI-generated bug reports DDOSing a critical project.

I'm interested in the security implications and ideas for practical measures. I think the human factors are interesting - what are the demographics of people generating this nonsense - how many bad actors are we talking about, who are they, and what are their motivations?

Regarding question 2:

Some AI content is easy to identify. How did you identify AI content in recent cases where it was less obvious?

Does time wasted handling fake "bug reports" correlate with AI generating more believable content?

For what portion of incoming reports are you unsure if AI or not? Does this influence how you handle these?

How much does this topic cost actual human reporters, e.g. by reports accidentally being closed as AI slop or time spent to prove being human?

Title: AI (Argumentative/Abusive Interferants)' impact on cURL's security program.

Details: A stunning rebuke against everything that executives and salespeople claim to be true about AI in open source security.

Also, since "AI" is becoming a dirty word that left a poor taste in the mouth and now the conmen are shilling a new buzzword: "Agentic", I'd love a clear line in any charts showing when "Agentic" became a term to show how it doesn't magically make security reports better.

no clever title for you, but some ideas on things to cover:

- key stuff like the asymmetry of effort involved with generated reports vs. responding to them

- your thoughts regarding the sustainability of bug bounties in the face of LLM submissions

- maybe a timeline + data/graph on how many nonsense reports you get

- impact on you personally (motivation, interpersonal with contributors, etc.)

- how it's changed your views on tech, FOSS, and the security community in general

The Monkey Paw Curls: how techbros wish for a world without other people

The Monkey Paw Curls: how techbros wish and how we will suffer

How techbros are bringing a 16t weight to everyone's curling

A curl-iculum on how to waste a volunteer's time, money and sanity

More after I'll have my caffeine injections.

Androids dream of curl security vulnerabilities.

I’d like the talk to contain statistics and/or timelines that explain the scale of the problem, when it started, if it grows linearly or exponentially. What things you’ve tried to reduce the poor submissions and your thoughts on what works best. I’d like to see the most ridiculous example and the example that wasted most time.

1) "It Doesn't Work Though: Your investors Are Not Smart Enough To Be Allowed To Decide This For You"

I mean, may be a bit wide in scope for your purposes but that's the soapbox I'm on at the moment so that's what came to mind =\

AI Slop Makes my Hair Curl

merriam-webster.com/dictionary…

Definition of make one's hair curl

Definition of 'make one's hair curl' by Merriam-Webster

^{Merriam-Webster Dictionary}

Why I can never curl up on my couch

or with a sneaky ADHD bracket

Why (a)I can never curl up on my couch