AI "slop" vulnerability reports drowned curl's security team until it killed the bug bounty


curl, the tiny open-source project whose networking library quietly runs in billions of devices, ended its six-year HackerOne bug bounty on January 31, 2026. Not because the money ran out, but because the security team was being buried under AI-generated "slop": confident, fabricated vulnerability reports produced by people pointing a chatbot at curl and asking it to find something scary. Lead maintainer Daniel Stenberg said the confirmed-vulnerability rate fell from north of 15% to below 5%, with roughly one in five 2025 submissions being outright AI slop, each bogus report still eating hours from a seven-person volunteer team. The fix was to remove the cash incentive entirely. The AI didn't malfunction here; people weaponized its fluency against a critical security process, and a foundational piece of internet infrastructure changed how it handles security to survive the noise.

Incident Details

Severity: Facepalm
Company: curl / Daniel Stenberg (open-source project)
Perpetrator: AI-generated bug reports
Incident Date:
Blast Radius: A foundational open-source project (curl/libcurl ships in billions of devices) ended its bug bounty; volunteer security team time drained by fabricated reports; a model for how AI slop degrades open-source security at large

You've used curl whether you know it or not. The command-line tool and its library, libcurl, handle data transfers inside cars, TVs, phones, game consoles, medical devices, and a large slice of the servers that run the internet. It's maintained by a small group of volunteers led by Daniel Stenberg, who has shipped this thing for more than two decades. For a project that critical, a healthy security-reporting pipeline isn't a nicety; it's load-bearing infrastructure for everyone downstream.

On January 31, 2026, curl shut down the bug bounty program it had run since April 2019. The reason wasn't a lack of funding or interest. It was AI slop: a relentless tide of confident, fabricated vulnerability reports that the security team had to read, take seriously, and debunk, one after another, until the whole arrangement stopped being worth it.

Death by a thousand slops

Stenberg gave the phenomenon a name in a July 2025 post, "death by a thousand slops." The pattern is depressingly simple. Someone who wants HackerOne reputation, a payout, or just the feeling of contributing fires up a chatbot, asks it to find a critical security problem in curl, and forwards whatever it generates. The model obliges, because that's what it does. It produces a fluent report describing a buffer overflow, a use-after-free, a request-smuggling flaw, complete with plausible-looking function names and CWE identifiers. None of it is real. The vulnerability doesn't exist. The "proof of concept" doesn't reproduce. The cited code path is often something the model imagined.

The trouble is that fluent fiction is expensive to disprove. A report that's obviously garbage gets closed in a minute. A report that's confidently wrong, dressed in the right jargon, and insistent that curl is one CVE away from catastrophe forces a human to go read the actual code, confirm the claimed bug isn't there, and write up why. Stenberg has described reports where the submitter keeps arguing, escalating, twisting the finding to sound worse, never once offering a fix or engaging with the project in good faith. Each of those exchanges is hours the team will never get back.

And it's not one or two volunteers. curl's security team has seven members, and Stenberg has explained that every report typically pulls in three or four of them to make sure they handle each case correctly. Multiply that by a flood and you get a denial-of-service attack carried out entirely with words, no exploit required.

What the numbers actually say

Stenberg, to his credit, runs the project on data rather than vibes, and the figures are stark. Over the bounty's lifetime, curl confirmed 87 genuine vulnerabilities and paid out more than $100,000 to researchers; for years it was a real success that measurably improved the software.

Then the trend reversed. Historically, somewhere north of 15% of submissions ended up being confirmed vulnerabilities. Starting in 2025, that confirmed rate dropped below 5%. As Stenberg put it bluntly, not even one in twenty was real. In the July 2025 snapshot he estimated about 20% of all submissions were outright AI slop, with the project averaging roughly two security reports a week and only around 5% of the year's submissions turning out to be genuine. By early 2026 he tallied twenty submissions already that year, including seven inside a single sixteen-hour stretch, none of which described an actual vulnerability.

HackerOne's own cross-program data, which curl cited, made it worse: over the prior year, curl's inbound report volume rose sharply while comparable bounty-paying open-source programs like Ruby, Node, and Rails stayed mostly flat. curl wasn't imagining that it had it worse than its peers. It measurably did, and the leading suspect was the cash reward acting as a magnet for low-effort, AI-assisted noise.

What curl actually changed

It's worth being precise here, because "curl shut down security reporting" would be wrong and Stenberg explicitly pushed back on that reading. The disclosure program isn't gone. What ended is the money and, initially, the platform:

  • No more monetary rewards, at any severity, to remove the incentive for people to gamble a chatbot session on a payout.
  • A move off HackerOne as the recommended reporting channel, initially redirecting reporters to GitHub's private vulnerability reporting feature and email to the security team.
  • A standing policy to ban and publicly ridicule anyone caught submitting AI slop, on the theory that public embarrassment is one of the few deterrents that actually bites.

The platform piece got messy. The GitHub-only experiment didn't work well for curl's needs, and by March 2026 the project moved security reporting back to HackerOne, still with no bounty attached. The zig-zag is itself a useful data point: a project this experienced couldn't find a clean, well-supported way to run secure, efficient vulnerability intake without a bounty, which says something uncomfortable about the state of open-source security tooling. The permanent change is the one that matters: the cash is gone, deliberately, to drain the swamp.

Misuse, not malfunction, and why it still counts

Let's be straight about the category. No AI system malfunctioned in this story. curl's own software didn't break. The chatbots did exactly what they're built to do: generate fluent, plausible text on demand. The harm came from humans pointing that fluency at a security process and pulling the trigger, over and over.

So why is it here? Because the consequence is concrete, documented, and systemic, and because the AI's specific failure mode, producing confident fabrications that are cheap to generate and costly to refute, is the entire mechanism of the damage. This isn't a generic complaint that "people are lazy." Spam has always existed. What changed is that generative models collapsed the cost of producing a report that's individually credible enough to demand a human's full attention. The asymmetry is the weapon: seconds to generate, hours to debunk, aimed at a volunteer team that maintains code running in billions of devices.

That puts this in the same family as the site's other systemic AI-slop stories, where the failure isn't a single dramatic crash but a flood of machine-generated low-quality content degrading something important until it buckles. Here the casualty is a security pipeline that the entire internet quietly depends on. A bug bounty program that worked for six years and produced 87 real fixes got dismantled because the signal-to-noise ratio was destroyed by tooling that makes noise for free.

A curl problem that isn't really about curl

Stenberg has been clear that he doesn't think this stops at curl. His framing, that "AI slop is overwhelming maintainers today and it won't stop at curl but only starts there," is the part worth sitting with. curl is unusually well-resourced for an open-source project: a known leader, a real security team, years of process, and enough visibility that the press covers its decisions. If the slop tide can force curl to tear down a working bounty, the thousands of smaller projects with one exhausted maintainer and no triage process don't stand a chance.

There's also a human cost that doesn't show up in a CVE database. Stenberg described the decision in terms of survival and "intact mental health," and noted his fellow volunteers might have only a few hours a week for curl, hours now spent disproving machine-generated fiction instead of improving the software. Burning out the unpaid people who keep critical infrastructure secure is its own kind of vulnerability, one no scanner will ever flag.

The uncomfortable lesson is that you can degrade a security process without ever finding a single real bug. You just have to flood it with things that look like bugs faster than humans can rule them out. curl's answer, removing the reward and accepting a noisier reporting channel over a poisoned one, is a reasonable triage. It's also a warning shot. The economics that broke curl's bounty are pointed at every open-source project that still relies on goodwill and human attention to stay safe.
