{"podcast":{"title":"Day Two DevOps","slug":"day-two-devops","podcast_index_feed_id":341814,"rss_url":"https://feeds.packetpushers.net/day2cloud/","website_url":"https://packetpushers.net/","image_url":"https://static.feedpress.com/logo/day2cloud-669fc5e024d4b.jpg","author":"Packet Pushers","episode_count":250,"summary":"Join hosts Ned Bellavance and Ethan Banks as they dive deep into the challenges of cloud operations from the perspective of seasoned practitioners. You'll hear from expert guests—technical leaders, trainers, and consultants with years of hands-on experience—discussing the nuances of modern cloud environments. From AWS to Azure, networking to security, automation to DevOps, each weekly episode equips you with the insights to confidently address tech and business challenges such as resilience, cost management, and performance. Whether you want to hone your skills today or prepare for what’s coming next, Day Two Cloud cuts through the vendor fog to guide you through a shifting IT landscape.","last_synced_at":null,"page_url":"https://stenobird.com/podcast/day-two-devops"},"episode":{"title":"D2DO277: AI Security Submissions at Curl Dev","slug":"d2do277-ai-security-submissions-at-curl-dev","published_at":"2025-07-16T13:59:22+00:00","page_url":"https://stenobird.com/podcast/day-two-devops/d2do277-ai-security-submissions-at-curl-dev","show_page_url":"https://stenobird.com/podcast/day-two-devops","url":"https://packetpushers.net/podcasts/day-two-devops/d2do277-ai-security-submissions-at-curl-dev/","audio_url":"https://feeds.packetpushers.net/link/20975/17097132/D2DO277.mp3","summary":"Daniel Stenberg, the creator of curl, discusses the rising tide of low-quality, AI-generated security reports flooding open-source maintainers. He explores why AI lacks the domain context to distinguish between internal code vulnerabilities and exploitable API flaws.","meta_description":"Curl creator Daniel Stenberg discusses the impact of AI-generated 'slop' on open-source security, false positives, and the limits of LLMs in vulnerability…","key_points":["Main idea: AI-generated security reports often lack the necessary context of API boundaries, leading to reports on non-exploitable internal functions","Failure mode: LLMs frequently hallucinate non-existent repositories and hyperlinks when asked to verify the scope of a vulnerability","Practical takeaway: AI is a useful pattern-matching tool for experts, but it remains a 'blunt tool' that requires heavy human verification","Trend: Approximately 20% of recent security submissions to curl have been identified as 'AI slop' or low-quality automated reports","Risk: High volumes of automated, false-positive reports act as a form of 'sand in the machine,' disrupting the workflow of maintainers"],"chapters":[{"start_ms":205000,"title":"The Origins of curl","summary":"Daniel recounts how curl began in 1996 as a 100-line tool for an IRC bot to track currency rates."},{"start_ms":350000,"title":"Massive Scale and Growth","summary":"A look at curl's evolution from a small utility to 180,000 lines of code used in everything from cars to printers."},{"start_ms":495000,"title":"libcurl and the Internet","summary":"Understanding the massive footprint of libcurl across the global internet infrastructure beyond the command-line tool."},{"start_ms":675000,"title":"The Rise of AI Security Reports","summary":"The emergence of automated security and feature reports and the potential for AI to assist or hinder maintainers."},{"start_ms":825000,"title":"The Bounty Hunter Problem","summary":"How AI-driven automation is being used by individuals to hunt for bug bounties, often leading to low-quality submissions."},{"start_ms":1000000,"title":"Context Loss in AI Explanations","summary":"How using AI to explain bugs can actually obscure the original problem by losing critical technical context."},{"start_ms":1160000,"title":"The Burden of False Positives","summary":"The disruptive impact of high-priority, automated reports that require significant engineering time to debunk."},{"start_ms":1455000,"title":"Navigating AI Slop","summary":"Analyzing the increase in 'AI slop' submissions and the difficulty of managing automated noise in open source."}],"topics":["curl","open source security","artificial intelligence","vulnerability research","software maintenance","libcurl","bug bounties","LLM hallucinations"],"duration_seconds":2110,"processing_state":"processed","actions":[{"name":"request_transcript","method":"POST","url":"https://stenobird.com/v1/public/podcasts/day-two-devops/episodes/d2do277-ai-security-submissions-at-curl-dev/transcription-requests","description":"Idempotently request low-priority transcript generation for this episode."},{"name":"read_markdown","method":"GET","url":"https://stenobird.com/podcast/day-two-devops/d2do277-ai-security-submissions-at-curl-dev.md","description":"Read the agent-friendly Markdown representation of this episode resource."}]}}