Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreib6mzlo2m2wc3a6ykamfp2nxnhjf3dl5tw35ohamlpyquhd2cscem",
    "uri": "at://did:plc:rrwxywdlrz5fkwj5g4u4jnrk/app.bsky.feed.post/3mhk5ezmyuss2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifsfnxbhk4fgptfzfad4tjy6mtccinuzlldkxfhm5y3f6ldbu3nf4"
    },
    "mimeType": "image/jpeg",
    "size": 9504192
  },
  "path": "/article/4148203/stop-using-ai-to-submit-bug-reports-says-google-2.html",
  "publishedAt": "2026-03-20T16:50:53.000Z",
  "site": "https://www.csoonline.com",
  "tags": [
    "Artificial Intelligence, Open Source, Software Development",
    "Google wrote in a blog post",
    "volume of AI-generated bug submissions overwhelming",
    "said Greg Kroah-Hartman of the Linux kernel project",
    "Alpha-Omega",
    "pen Source Security Foundation",
    "InfoWorld"
  ],
  "textContent": "Google will no longer accept AI-generated submissions to a program it funded to find bugs in open-source software. However, it is contributing to a separate program that uses AI to strengthen security in open-source code.\n\nThe Google Open Source Software Vulnerability Reward Program team is increasingly concerned about the low quality of some AI-generated bug submissions, with many including hallucinations about how a vulnerability can be triggered or reporting bugs with little security impact.\n\n“To ensure our triage teams can focus on the most critical threats, we will now require higher-quality proof (like OSS-Fuzz reproduction or a merged patch) for certain tiers to filter out low-quality reports and allow us to focus on real-world impact,” Google wrote in a blog post.\n\nThe Linux Foundation too is finding the volume of AI-generated bug submissions overwhelming and has sought financial help from AI companies including Google, Anthropic, AWS, Microsoft, and OpenAI to deal with the problem. Together, they are contributing $12.5 million to the foundation to improve the security of open-source software.\n\n“Grant funding alone is not going to help solve the problem that AI tools are causing today on open-source security teams,” said Greg Kroah-Hartman of the Linux kernel project in a blog post. “OpenSSF has the active resources needed to support numerous projects that will help these overworked maintainers with the triage and processing of the increased AI-generated security reports they are currently receiving.”\n\nThe funding will be managed by open source security project Alpha-Omega and the Open Source Security Foundation (OSSF) and will be used to provide AI tools to help maintainers deal with the volume of AI-generated submissions.\n\n“We are excited to bring maintainer-centric AI security assistance to the hundreds of thousands of projects that power our world,” said Alpha-Omega co-founder Michael Winser.\n\n_This article first appeared on InfoWorld._",
  "title": "Stop using AI to submit bug reports, says Google"
}