Flood of duplicate vulnerability reports has made Linux security mailing list 'almost entirely unmanageable' — Linus Torvalds says private list 'a waste of time for everybody involved' in switch to new public system
Linus Torvalds has declared the Linux kernel's private security mailing list unmanageable due to a surge in duplicate vulnerability reports generated by AI tools. He stated that AI-discovered bugs are inherently public and should be reported directly to maintainers, not through a private list that wastes everyone's time. The project has updated its documentation to reflect this, requiring AI-assisted bug reports to be handled as public disclosures and encouraging researchers to contribute patches alongside their findings.
AI IMPACT: AI-generated bug reports are overwhelming security teams, necessitating new policies for public disclosure and human oversight.