←back to thread

XBOW, an autonomous penetration tester, has reached the top spot on HackerOne

(xbow.com)
283 points summarity | 2 comments | 24 Jun 25 15:53 UTC | HN request time: 0.431s | source
Show context
ryandrake ◴[24 Jun 25 18:09 UTC] No.44369008[source]
Receiving hundreds of AI generated bug reports would be so demoralizing and probably turn me off from maintaining an open source project forever. I think developers are going to eventually need tools to filter out slop. If you didn’t take the time to write it, why should I take the time to read it?
replies(7): >>44369097 #>>44369153 #>>44369155 #>>44369386 #>>44369772 #>>44369954 #>>44370907 #
1. Nicook ◴[24 Jun 25 18:41 UTC] No.44369386[source]
Open source maintainers have been complaining about this for a while. https://sethmlarson.dev/slop-security-reports. I'm assuming the proliferation of AI will have some significant changes on/already has had for open source projects.
replies(1): >>44375089 #
2. nestorD ◴[25 Jun 25 09:00 UTC] No.44375089[source]
Yes! I recently had to manually answer and close a Github issue telling me I might have pushed an API key to github. No, "API_KEY=put-your-key-here;" is a placeholder and I should not have to waste time writing that.