Voices
Simon Willison: curl Maintainer Reports 'Never-Before-Seen Pressure' — AI Security Audits Now Average 1+ Reports Per Day
Simon Willison amplified Daniel Stenberg's May 26 post detailing how AI-powered security research has quadrupled curl's vulnerability report volume since 2024 and doubled since 2025, now averaging over one report per day. The reports are 'exceptionally detailed and high-quality' but almost all rated LOW or MEDIUM severity — meaning curl's code is strong but the maintainer burden is unsustainable, with Stenberg's wife expressing concern about his work-life balance. For builders: this is the canary for every widely-used open-source project — AI security scanners are flooding maintainers with valid-but-low-severity reports faster than humans can triage them.
↳ Follow the thread