Curl will stop its bug bounty program due to avalanche of AI slop
techradar.com
- Curl ends HackerOne bug bounty due to fake and AI-generated vulnerability reports
- Developers say incentives led to abuse, overwhelming the security team with invalid submissions
- From February 2026, bug reports move to GitHub with no financial rewards
The developers of curl, the open source command-line tool and software library, are killing their HackerOne bug bounty program because they are being flooded with fake problems and vulnerabilities.
A new advisory published on GitHub says the program is being sunsetted at the end of January 2026.
“Up until the end of January 2026 there was a curl bug bounty. It is no more,” the document reads. “The curl project no longer offers any rewards for reported bugs or vulnerabilities. We also do not aid security researchers to get such rewards for curl problems from other sources either.”

