There was already suspicion that LLMs generated a large batch of bogus CVEs not long ago. I suspect that CVE-2023-38898 which targeted #Python and wasn't reported to the Python Security Response Team was a part of that batch.
Now curl gets explicit proof that "security researchers" are submitting reports direct from an LLM without any double-checking. As if handling vulnerabilities wasn't hard enough for #OpenSource maintainers!
@sethmlarson We should have "researchers" put down a deposit and they get it back if it is credible research and not an AI hallucination.
I have searched in the Bard about this vulnerability
Are people really calling it "the Bard" now?
@sethmlarson if this isn’t a malicious attempt to defraud bug bounty programs, then it shows an incredible degree of ignorance about the basics of how LLMs work and how security works