Linus Torvalds Critiques AI-Powered Bug Hunters for Linux Security

Linux kernel boss Linus Torvalds has declared that the project’s security mailing list has become “almost entirely unmanageable” due to multiple researchers using AI to find bugs and then filling the list with duplicate reports.

Torvalds highlighted that “the continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools.” 😟

He complained that “People spend all their time just forwarding things to the right people or saying ‘that was already fixed a week/month ago’ and pointing to the public discussion.” He believes that kind of chatter is “all entirely pointless churn” and isn’t productive because “AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved - and only makes that duplication worse because the reporters can’t even see each other’s reports.”

Torvalds further offered an opinion on how best to use AI to improve software security. He wrote, “AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make-believe work.” He added, “Feel free to use them, but use them in a way that is productive and makes for a better experience.”

Torvalds clarified: “If you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on top of what the AI did. Don’t be the drive-by ‘send a random report with no real understanding’ kind of person.”

Torvalds’ remarks contrast with comments from fellow kernel maintainer Greg Kroah-Hartman, who recently told The Register that AI has become an increasingly useful tool for the FOSS community.

This post is licensed under CC BY 4.0 by the author.