AI Is Spamming Open Source Repos with Fake Issues
thenewstack.io
It's like Hacktober (where a few YouTube assholes showed a bunch of non-developers how to waste maintainers' time with bogus PRs in order to get free stuff from DigitalOcean) except substantially worse because these issues take longer to dismiss. Horrible.
Also, there are (or were) organizations that give their programmers incentives for finding and filing CVEs. Naturally that's led to lots of low-quality CVEs, and with AI and other automated tools it's become easy for low-information programmers to generate reports on code they have zero understanding of.
Examples: https://github.com/apache/airflow/issues?q=is%3Aissue%20stat...
Other than the content (which indeed makes no sense), these usually can be recognized by subjective adjectives and polish language[1].
A related problem has hammered the National Vulnerability Database and similar repos with CVEs, as far back as 2023: https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-eve...