Dear god. Just look at this one report [1] - it's worthless LLM slop iterating on top of more worthless LLM slop, but the initial report is just plausible enough to waste a huge amount of time and energy to investigate and respond. Personally, I would try to run as far away as possible to avoid having to deal with this bullshit. Sternberg has the patience of a saint.
I think the solution might be to only give awards to vulnerabilities with a working poc.
[1] https://hackerone.com/reports/2298307
Cue AI hypesters proclaiming that the only solution to detecting AI slop submissions is running them through AI.