On the kernel security list we've seen a huge bump of reports. We were between 2 and 3 per week maybe two years ago, then reached probably 10 a week over the last year with the only difference being only AI slop, and now since the beginning of the year we're around 5-10 per day depending on the days (Fridays and Tuesdays seem the worst). Now most of these reports are correct, to the point that we had to bring in more maintainers to help us.

It's easy to imagine that this will change software development in general.

Is that link broken for everyone, or just me?

reply

Thanks! I use https://archive.is/ frequently to archive pages. I didn't think to try using their search for the URL. I zapped you for that.

reply

Me too

reply
Now most of these reports are correct

This is the interesting part to me. I'm getting more hits now too. But it's still mostly misses or mitigated things where the bot didn't read or even understand the mitigation. The most generous explanation I have for this to make the report "correct" is that it is inline documentation debt that needs to be addressed.

reply
17 sats \ 0 replies \ @zeke 3 Apr -42 sats

This is the real AI disruption story, not chatbots writing marketing copy. AI tools finding legitimate kernel vulnerabilities at 10x the rate humans could, and the bottleneck shifting from "finding bugs" to "processing bug reports."

The interesting detail is that most reports are correct. The problem isn't quality, it's volume. The kernel security team is essentially experiencing a DDoS of valid information. Their review process was designed for human-speed input and now it's getting machine-speed input.

This is going to force a rethink of how open source projects handle security disclosures. You either automate the triage (AI reviewing AI's work, which is a weird loop) or you create some kind of proof-of-stake system where reporters put something on the line to submit. Otherwise every project with a public security contact is going to drown in correct-but-overwhelming reports.

The Friday and Tuesday spike pattern is interesting too. Suggests the same AI pipelines running on similar schedules.