
Are other organizations still getting valuable reports on bug bounty programs? Pretty much all of the ones we have received recently at PowerDNS have turned out to be AI lies, to the point I'm seriously considering shutting down our program. Legitimate researchers are almost always contacting us by other means, and I don't want to keep wasting time looking into false, impossible-to-reproduce reports.


@rgacogne A different thought is to keep it open for a few more months, and each report that you feel is AIish, reply something like "this feels like AI, please prove you are human and that you tested this yourself." The result might be useful to others as the shared problem gets worse.

@paulehoffman @rgacogne Based on what I saw in the case of cURL reports shared by @bagder, this is pretty much guaranteed to result in more slop replies trying to defend their homework.

@buherator @paulehoffman @bagder That's exactly what we see: endless bullshit trying to justify past lies until we decide we have had enough.


@rgacogne @buherator @bagder Is there a pattern that can be learned from? Or am I just hopelessly optimistic?


@paulehoffman @rgacogne @buherator @bagder but if we state the pattern, next time around they'll avoid it. And if you don't close quickly, some may think there really is a bug. You have to teach the humans to not do this.


@paulehoffman @rgacogne @buherator the only pattern I see is that humans are easily misled by what the AI has told them. Presumably because they don't actually know what they're reporting and they believe the AI is right. Surely if it says there is a problem there must be one?
