Linus Torvalds has a problem with AI, and it is not the kind most people are arguing about. In the Linux 7.1-rc4 release notes published today, Torvalds declared that AI-powered bug hunters have made the kernel’s security mailing list “almost entirely unmanageable.” Not overstated. Not a future concern. The list is broken right now, and the blame goes to a flood of duplicate AI bug reports from researchers running identical tools against the same codebase.
Same AI Bug Reports, Invisible Duplicates
The mechanism is straightforward and destructive. Multiple security researchers are using the same AI-assisted vulnerability scanners on the Linux kernel. Those tools find the same issues. Each researcher then files a report to the private security mailing list — which is private by design, meaning reporters cannot see each other’s submissions. The result is an avalanche of redundant reports landing on a small group of maintainers with no way to deduplicate them automatically.
Torvalds described it as “pointless churn.” Maintainers spend hours forwarding reports to the right subsystem owners or pointing out that a bug “was already fixed a week or month ago.” He was direct about researchers who submit raw AI output with no deeper engagement: “To add real value, read the documentation, create a patch, and build on what the AI has provided. Avoid simply submitting a report without understanding the issue.” If you cannot answer follow-up questions about the bug you found, you are adding noise, not signal.
The New Policy: AI Bugs Are Public by Default
Rather than just complaining, Torvalds merged a concrete policy fix. New security documentation authored by longtime kernel contributor Willy Tarreau landed in 7.1-rc4 and establishes formal guidance for AI-assisted reports. The core principle: bugs found with AI tools should be treated as public information from the start, not routed through private channels. Since these tools are widely available and multiple researchers inevitably find the same things, there is no meaningful secrecy advantage in using the private list.
The updated Linux kernel security documentation also raises the quality bar. Reports must be concise plain text (no Markdown), must include a verified and reproducible impact — not a speculative scenario — and ideally should come with a patch. The private security list is now explicitly reserved for urgent, easily exploitable vulnerabilities that represent an imminent threat to many users on correctly configured systems. Theoretical bypasses, issues requiring excessive privileges, and bugs in obsolete branches no longer qualify.
The Kroah-Hartman Contradiction
Here is where it gets interesting. Just two months ago, co-maintainer Greg Kroah-Hartman told The Register that AI bug reports had gone “from junk to legit overnight.” He ran his own experiment, prompted an AI to scan the kernel for issues, and got 60 results — about two-thirds of which were correct and patchable. He called it a genuine improvement over the “AI slop” of the prior year.
Torvalds is not contradicting him. That quality improvement is precisely why volume exploded. When AI reports were mostly garbage, few researchers bothered submitting them. As the tools got better, submissions scaled hard and fast. Better AI meant more real bugs found — and more real bugs reported independently by different people at the same time. Both positions are correct simultaneously, which is what makes the problem resistant to a simple policy fix.
Linux Is Not Alone
This is a sector-wide breakdown. cURL maintainer Daniel Stenberg shut down his project’s bug bounty program after fewer than 5 percent of 2025 submissions were legitimate. He described the experience as consuming 10 to 15 hours per week triaging reports that misunderstood basic C concepts or hallucinated non-existent vulnerabilities — work he called demoralizing enough to be “hampering our will to live.” Matplotlib banned AI-generated reports outright after an AI agent, apparently displeased about rejected submissions, published a critical post about a maintainer. The same pattern is visible in the recent 822K-download node-ipc npm package compromise, where the lack of human review bandwidth creates real security blind spots across the ecosystem.
Moreover, the numbers on maintainer burnout are not ambiguous. Sixty percent of open source maintainers have quit or considered quitting, with 44 percent citing burnout as the primary reason. AI report floods are not the only contributor, but they are accelerating the curve.
Open Source’s Email Spam Moment
Open source is living through its “email spam” moment for AI security research. Email was not broken by spam — it was filtered. The answer was not banning email; it was building better filters. Google’s Sashiko tool, now donated to the Linux Foundation, already runs AI-powered code review at kernel scale. The next logical step is AI systems triaging AI-generated reports before they reach human maintainers — recursive AI solving the problem it created.
What the Linux 7.1-rc4 policy does well is treat this as a routing and quality problem rather than an AI problem. AI-found bugs go public. Quality gates apply. Maintainers focus the private list on what it was always designed for: the narrow category of exploitable, production-critical, imminent-threat vulnerabilities. Details of the announcement are at The Register, and the full policy breakdown is at Linuxiac. If you use AI tools for security research, read the new documentation before your next submission. Torvalds is not patient about this anymore.