month Mutation Baffles Linux Kernel Guru: “AI Junk” Last Month, Reliable AI Bug Reports This Month?
month Mutation Baffles Linux Kernel Guru: “AI Junk” Last Month, Reliable AI Bug Reports This Month?
https://eu.36kr.com/en/p/3748150234989061
Publish Date: 2026-04-01 10:03:00
Source Domain: eu.36kr.com
Recently, developers involved in open – source project maintenance may have a strange illusion: it seems that there are more and more accurate Bug reports. To be more precise, the Bug reports generated by AI have suddenly become “reliable”.
This is not an accidental phenomenon in individual projects, but a change that has almost synchronously occurred across the entire open – source world. At the recent KubeCon Europe, Greg Kroah – Hartman, a core maintainer of the Linux kernel, gave a somewhat disturbing piece of information:
“About a month ago, something seemed to change. Now, the AI – generated reports we receive are all truly valuable Bug reports.”
The problem is – no one knows what happened.
From ‘AI junk’ to ‘real reports’ in just one month
Greg recalled that just a few months ago, the Linux kernel team was being “harassed” by something: “We used to call it AI slop.”
Most of these AI – generated security reports had obvious problems: illogical reasoning, non – existent vulnerabilities, confusing descriptions, and even inconsistent code paths. For maintainers, they were more of a distraction than a help.
Fortunately, the Linux kernel maintainer team is large enough to tolerate such distractions. However, for some small projects, the situation is not so optimistic. For example, the cURL project led by Daniel Stenberg once directly stopped its Bug bounty program due to the flood of AI junk reports because it was simply unable to distinguish between true and false reports.
But then a turning point suddenly appeared – Greg described it straightforwardly: “After a certain point in time, the situation suddenly changed.”
Now the situation is as follows:
● Most of the Bug reports submitted by AI are verifiable real problems;
● The report structure is clearer, and the analysis path is more reasonable;
● It is no longer ‘random guessing’ but a security analysis approaching the level of human developers.
More importantly, this is not a phenomenon unique to…
