https://falcao.org/tags/kernel/Recent content in Kernel on Danilo Falcão da SilvaHugoen-usSat, 23 May 2026 10:00:00 -0300https://falcao.org/posts/ai-bug-discovery-revolution/Sat, 23 May 2026 10:00:00 -0300https://falcao.org/posts/ai-bug-discovery-revolution/<p>On May 18, 2026, Linus Torvalds called the Linux kernel security mailing list <strong>&ldquo;almost entirely unmanageable.&rdquo;</strong> The reason: a flood of AI-generated bug reports. The reaction was predictable — ban AI, blame researchers, declare the tools aren&rsquo;t ready.</p> <p>I <a href="https://falcao.org/posts/ai-bug-reports-open-source/">wrote about the maintenance crisis last week</a> and I think that framing misses the deeper story. The problem is not that AI is generating too many reports. <strong>The problem is that the code was more broken than we thought, and for twenty years nobody had the tools to look at it properly.</strong></p>https://falcao.org/posts/ai-bug-reports-open-source/Wed, 20 May 2026 10:00:00 -0300https://falcao.org/posts/ai-bug-reports-open-source/<p>On May 18, 2026, Linus Torvalds said the Linux kernel security mailing list had become <strong>&ldquo;almost entirely unmanageable&rdquo;</strong> because of duplicate AI-generated bug reports. Two months earlier, longtime stable maintainer <strong>Willy Tarreau</strong> had already shared the numbers: a list that received two to three reports per week in 2024 was getting <strong>five to ten reports per day</strong> by March 2026. In January, <strong>Daniel Stenberg shut down the curl bug bounty</strong> after the valid-report rate on HackerOne dropped from above 15% to below 5%, with twenty submissions in 21 days — seven of them in one 16-hour window — and zero real vulnerabilities among them.</p>