Linus Torvalds is tired of useless bug reports generated by AI

The widespread adoption of AI tools for code analysis has created unexpected problems for open-source operating system developers. In a recent report on the state of the kernel, Linux founder and lead Linus Torvalds sharply criticized security researchers for flooding the team with identical reports generated by neural networks. This is reported by Ixbt.com reports.

According to Torvalds, the endless stream of AI messages has made the private security mailing list unmanageable. The problem is exacerbated by excessive data duplication, as different people use the same popular AI tools to find the exact same bugs in the same code. Linus emphasized that if a vulnerability is found using AI, it is highly likely that someone else has already found it.

The Linux leader announced that bugs found by neural networks will no longer be considered confidential. Reviewing them in private mode is pointless, as report authors do not see each other's submissions and continue to send duplicates. Torvalds stated that he is not against AI technology, but it should provide real value instead of just creating the appearance of work. He urged researchers to study documentation and write ready-made patches based on AI advice.

This statement comes against the backdrop of the Copy Fail (CVE-2026-31431) exploit, which has affected almost all Linux distributions since 2017. This critical bug was found in just one hour with the help of AI, but in that case, experts provided working and verified exploit code, which distinguishes it from hundreds of "junk" submissions.

The GitHub platform is facing a similar problem. Company security engineer Jarom Brown warned about a wave of low-quality AI reports. He noted that raw neural network output is useless noise. Brown urged bug hunters to focus on quality rather than quantity, reminding them that one verified high-quality bug is valued higher than ten AI guesses.