The article highlights the growing issue of AI-generated vulnerability reports in the bug bounty industry, particularly how they burden maintainers of open-source software (OSS). The author, with nearly a decade of experience in security, notes a troubling trend: many reports submitted are low quality or outright false, which he refers to as "AI slop." These submissions often lack a solid understanding of the codebase and its context, leading to confusion and wasted time for security teams. For instance, Daniel Stenberg, who maintains curl, reports that about 20% of security submissions are AI-generated slop, with genuine vulnerabilities dropping to around 5%. This alarming ratio means that for every valid report, there are four fake ones, consuming hours of expert time to debunk. The impact of these invalid reports is significant. Maintainers, often working with limited time and resources, find themselves sifting through numerous submissions that don't hold up under scrutiny. The author illustrates this with an example of a false report claiming a buffer overflow, which required the collective effort of three volunteers to confirm its invalidity. They spent an hour and a half only to discover it was based on incorrect information. This kind of scenario is common, leading to burnout among security teams. A survey indicated that 45% of open-source maintainers cited burnout as their primary challenge, exacerbated by the relentless influx of AI-generated noise. The author's insights reflect a broader concern about the integrity of the bug bounty process and the motivations behind mass submissions. Some submitters aim for recognition (like CVEs) without genuine validation of their claims. This incentivization leads to a situation where the quality of vulnerability reports suffers, placing an additional burden on those trying to maintain the security of OSS projects. The ongoing struggle between genuine security research and the chaos introduced by AI-generated submissions poses a pressing problem for the industry.