Comment by amenhotep
1 day ago
As long as the number of people newly being convinced that AI generated bounty demands are a good way to make money equals or exceeds the number of people realising it isn't and giving up, the problem remains.
Not helped, I imagine, that once you realise it doesn't work, an easy pivot is to start convincing new people that it'll work if they pay you money for a course on it.
Apparently FOSS developers have been getting this kind of slop report even though they clearly don't offer a bug bounty.
There are no shortage of people wanting to be able to say they found CVE-XXXX-XXX or a bug in product X.