'Almost entirely unmanageable': Linus Torvalds says AI bug hunters have ruined Linux security mailing list

News
By published

Everyone is using AI to report on the same flaws, Torvalds say

Linus Torvalds
(Image credit: Mayank Sharma)
  • Linus Torvalds warns AI‑generated bug reports are overwhelming the Linux security mailing list with duplication and noise
  • He urged researchers to add real value by creating patches instead of submitting random automated findings
  • Similar concerns have already led projects like curl and HackerOne’s Internet Bug Bounty Team to shut down or restrict bug bounty programs

The Linux security mailing list is now “almost entirely unmanageable”, since researchers started using Artificial Intelligence (AI) to flood it with useless reports, lead maintainer Linus Torvalds has warned.

After describing the latest release candidate as “fairly normal” in his latest weekly state of the kernel post, addressing things like drivers, networking, core kernel, and more, Torvalds stressed that “some of the documentation updates might be worth highlighting.”

“The continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools,” he said. “People spend all their time just forwarding things to the right people or saying "that was already fixed a week/month ago" and pointing to the public discussion”.

Latest Videos From

Entirely pointless churn

Torvalds stressed these reports are “entirely pointless churn”, since most of the bugs AI tools detects are “pretty much by definition not secret”, and that reporting that “only makes duplication worse”.

Besides complaining, Torvalds also gave a few concrete pointers, telling researchers to use AI “in a way that is productive and makes for a better experience”:

“The documentation may be a bit less blunt than I am, but that's the core gist of it,” he concluded. “If you actually want to add value, read the documentation, create a patch too, and add some real value on *top* of what the AI did. Don't be the drive-by "send a random report with no real understanding" kind of person.”

Torvalds is not the first person to point to people using AI to cause a flood of pointless reports. In late January this year, the developers of curl, the open source command-line tool and software library, announced they were killing their HackerOne bug bounty program for the same reasons.

HackerOne also recently reported the Internet Bug Bounty Team, which it manages, would no longer reward researchers who identify and reward bugs.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.