Open source maintainers struggle with low-quality AI-generated security reports

Open source maintainers are facing an increase in low-quality, AI-generated security reports, which are wasting their time and contributing to burnout. These reports often appear legitimate, making it difficult for maintainers to quickly dismiss them. Seth Larson, a security report triage worker, suggests that platforms should implement measures to prevent the automated creation of these reports. He also recommends that maintainers treat low-quality reports as malicious and respond minimally to them. Other maintainers, like Daniel Stenberg, have noted that AI-generated reports can seem more credible, requiring more time to investigate. This trend diverts valuable resources away from productive work on projects.