Saved February 14, 2026
cURL's maintainer, Daniel Stenberg, has shut down the project's bug bounty program due to an overwhelming number of low-quality, AI-generated submissions. He hopes this will encourage more meaningful bug reports while maintaining public accountability for poor submissions.
cURL's maintainer, Daniel Stenberg, announced the termination of the project's bug bounty program due to overwhelming submissions of low-quality, AI-generated reports. Stenberg's decision, effective January 2026, follows a trend he has noticed since early 2024, when the number of AI-generated bug reports surged. Although he acknowledges that AI can produce valuable bug-hunting tools, the flood of submissions has created a significant burden on the security team. Last week, only seven submissions were received, none of which identified real vulnerabilities.
Stenberg hopes that ending the bounty will discourage the submission of poorly researched reports. He expressed a desire for developers to continue reporting actual security vulnerabilities, even without financial incentives. He also shared insights on his approach to dealing with those who submit frivolous reports, noting that public criticism might help educate misguided individuals. However, he maintained that there's a limit to his patience, especially when dealing with submissions that waste the team's time. Stenberg's comments highlight the tension in balancing community engagement with the practical needs of maintaining software security.