Here's the latest #curl hackerone issue I mentioned the other day: https://hackerone.com/reports/2871792 another one of those "we found a function call so therefore your program must be vulnerable".
Disclosed for educational purposes. Don't do this.
@bagder This might be easy to spot but just wait until the AI starts to sound somewhat convincing enough that you actually need to waste energy thinking about it.
@bagder I wonder how much money you can actually make from spamming big bounty programs with AI reports.
I'm certain it's more than nothing.
@troed probably not zero, but these reports are so low quality that I doubt these particular ones will manage to get much. This is similar to how people have always tried just running security scanners against products and reported whatever the tools said, without understanding the output at all.
@BrodieOnLinux yeah, and also, possibly, ideally, crossing my fingers, at some point in the future they might also start actually being USEFUL...
@codecolorist I don't think these are bots. These are humans using AI copy and paste.
@bagder Maybe you could just add a define like `-Dsafe_strcpy=strcpy` but then again they don't seem to have looked at the code at all.
@slyecho I am a strong believer in clear and readable code. So no weirdo defines/macros unless necessary.