AI models let non-experts produce reports of real and fake vulnerabilities at scale. The output is low-quality noise and the occasional high-value report.
Reports flood OSS maintainers. Triage, patching, release cadences, and downstream upgrade/compliance pipelines buckle under the load.
Guidance recommends publishing threat models, requiring tested PoCs and example fixes, adopting AI-assisted triage, and tracking triage metrics.










