Linux kernel maintainer Greg Kroah-Hartman reported a dramatic improvement in AI-generated bug reports over the past month, describing an unexplained shift from “AI slop” to legitimate security findings across major open source projects. Speaking at KubeCon Europe this week, Kroah-Hartman said the change has affected not just Linux but all major open source projects. The Register reported on his comments from the March 26 interview.
The transformation represents a stark contrast from previous months when kernel maintainers received what Kroah-Hartman called “AI-generated security reports that were obviously wrong or low quality.” He noted that “months ago, we were getting what we called ‘AI slop’… It was kind of funny. It didn’t really worry us.” However, he emphasized that “something happened a month ago, and the world switched. Now we have real reports.”
Kroah-Hartman conducted his own experiments with AI-generated patches, using what he described as “a really stupid prompt” that produced 60 potential fixes. According to his testing, “about one-third were wrong, but they still pointed out a relatively real problem, and two-thirds of the patches were right.” While the working patches still required human cleanup, better changelogs, and integration work, he characterized them as “far from useless.”
The phenomenon extends beyond Linux to affect all major open source projects, with security teams across projects reporting similar experiences. “All open source security teams are hitting this right now,” Kroah-Hartman said, noting that security teams “get together informally and talk a lot, because we all have the same problems.” Smaller projects face greater challenges absorbing the sudden influx of legitimate AI-generated reports compared to larger, more distributed teams like the Linux kernel maintainers.
Neither Kroah-Hartman nor other open source security teams can explain the sudden improvement. “We don’t know. Nobody seems to know why,” he said, speculating that “either a lot more tools got a lot better, or people started going, ‘Hey, let’s start looking at this.'” The Linux kernel team has begun seeing patches with co-development tags acknowledging AI assistance, primarily in code review rather than full authorship of new features.
