Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’

posted by Roy Schestowitz on May 18, 2026,
updated May 23, 2026

He then pointed kernelistas to the project’s documentation, which he wrote “might be worth highlighting” as “the continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools.”

“People spend all their time just forwarding things to the right people or saying ‘that was already fixed a week/month ago’ and pointing to the public discussion,” Torvalds complained.

Read on

Update

More here:

• Linus Torvalds slams AI-generated bug reports for breaking GNU/Linux kernel development

  A deluge of automated Hey Hi (AI) bug reports has pushed Linux's security team to a breaking point. Torvalds is demanding a massive change from drive-by contributors.

Original:

• Linux 7.1-rc4

  You all know the drill by now - another week, another release candidate.
  
  
  Things continue to look fairly normal (where "normal" is the "new
  normal" with a fair amount of changes). Drivers are about half the
  patch, with GPU leading the way as is tradition. But there's a little
  bit of everything in driver land.
  
  
  The rest is mostly networking, core kernel, filesystems, and arch updates.
  
  
  Some of the documentation updates might be worth highlighting: the
  continued flood of AI reports has basically made the security list
  almost entirely unmanageable, with enormous duplication due to
  different people finding the same things with the same tools. People
  spend all their time just forwarding things to the right people or
  saying "that was already fixed a week/month ago" and pointing to the
  public discussion.
  
  
  Which is all entirely pointless churn, and we're making it clear that
  AI detected bugs are pretty much by definition not secret, and
  treating them on some private list is a waste of time for everybody
  involved - and only makes that duplication worse because the reporters
  can't even see each other's reports.
  
  
  AI tools are great, but only if they actually help, rather than cause
  unnecessary pain and pointless make-believe work. Feel free to use
  them, but use them in a way that is productive and makes for a better
  experience.
  
  
  The documentation may be a bit less blunt than I am, but that's the
  core gist of it. So just to make it really clear: if you found a bug
  using AI tools, the chances are somebody else found it too. If you
  actually want to add value, read the documentation, create a patch
  too, and add some real value on *top* of what the AI did. Don't be the
  drive-by "send a random report with no real understanding" kind of
  person. Ok?
  
  
                Linus
  

• Kernel prepatch 7.1-rc4

  The 7.1-rc4 kernel prepatch is out for Some of the documentation updates might be worth highlighting: [...] (He is referring to this pull request with patches from Willy Tarreau defining what constitutes a security bug and responsible ways to use Hey Hi (AI) to find bugs).

More today:

• Linux Kernel 7.1 RC4 Released: Torvalds Slams "Pointless" AI Bug Reports

  In the Linux 7.1-rc4 announcement mail, Linus Torvalds noted that these reports have made the kernel security mailing list almost impossible to manage.

  "Some of the documentation updates might be worth highlighting: the continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools."

GoL:

• Linux head says "AI tools are great" but they're making the security list "almost entirely unmanageable" | GamingOnLinux

  While announcing the fourth release candidate for Linux kernel 7.1, Linux head Linus Torvalds had some interesting words to say about AI.

Also in ghacks:

• Linus Torvalds Says AI-Generated Bug Reports Have Made GNU/Linux Security Mailing List Unmanageable

  Linux creator Linus Torvalds has said that the GNU/Linux kernel's security mailing list has become almost impossible to manage due to an influx of AI-generated bug

Tom's Hardware:

• Linus Torvalds says flood of duplicate AI-generated vulnerability reports have made Linux security mailing list 'almost entirely unmanageable' — private list 'a waste of time for everybody involved' in switch to new public system

  "AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved."

Lots more, but some might be slop:

• Linux creator says AI has made bug report handling "almost entirely unmanageable"

  Linux creator Linus Torvalds said that the flood of AI-generated bug reports has actually overwhelmed the Linux kernel's security mailing list. According to him, different researchers are increasingly using the same AI tools and sending duplicate reports of the same problems.

• Dolphin Publications B V ☛ Torvalds criticizes surge in AI-generated bug reports for the Linux kernel

  Linus Torvalds (photo) has harshly criticized the growing flood of AI-generated bug reports within the Linux kernel community. According to the creator of Linux, automated analyses are increasingly resulting in duplicate reports and extra work for developers, without providing any substantive added value.

  Torvalds made his comments upon the release of Linux 7.1-rc4, the latest release candidate of the kernel. He describes the technical progress of that version as largely normal. About half of the changes consist of driver updates, with GPU code again accounting for a large share. In addition, the update includes changes to network functionality, the kernel core, filesystems, and architecture-specific components.

• Notebook Check ☛ Linux developers overwhelmed by AI-generated bug reports

  Linux kernel developers are reportedly dealing with a rising number of AI-generated bug reports, creating extra work for maintainers and slowing down parts of the review process.

  The issue is linked to users relying on large language models to automatically generate vulnerability reports and bug submissions and send them straight to maintainers. Although some of these reports point to legitimate issues, many are inaccurate, duplicated, or of too low-quality to be useful, forcing developers to spend additional time filtering real problems from false positives.

  According to recent community discussions, maintainers across several open-source projects — including parts of the Linux ecosystem — say the volume of automated submissions has increased noticeably in recent months. Some developers have described the trend as “AI slop,” overwhelming issue trackers and review queues. What was already an issue a couple of years ago has now apparently gotten even worse.

• Linus Torvalds comments on “unmanageable” AI bug reports for Linux maintainers

  Linus Torvalds has started speaking out about a growing problem in the Linux community, and it revolves around AI-generated bug reports. While AI tools are becoming more common in software development – even AI-generated code is accepted in the Linux kernel now – they are also creating a massive amount of extra work for Linux maintainers.

• Linus Torvalds says Linux security list is becoming ‘unmanageable’ due to AI bug reports

  Linux founder Linus Torvalds said in his most recent state of the kernel post that "the continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools," as The Register reports. That probably doesn't apply to stuff like the "Copy Fail" exploit, which was detected with help from AI and affected nearly every Linux distro. "The documentation may be a bit less blunt than

• Security Boulevard ☛ Torvalds Offers Guidance as AI Bug Reports Clog Up Linux Security Workflow

  Linux kernel maintainers are confronting a new operational problem tied to the rapid adoption of AI-assisted coding tools, as too many people are reporting the same vulnerabilities at the same time.

• Torvalds warns AI bug reports are flooding Linux maintainers [Ed: It looks like an LLM slopfarm]

More slop:

• Linus Torvalds says AI bug reports made Linux security list unmanageable [Ed: Definitely LLM slop]

A couple more:

• XDA ☛ Linux developers are getting bombarded with AI-generated bug reports, and Linus isn't happy

  During the release candidate cycle for Linux 7.0, Linus began noticing something weird. The number of bug reports for Linux 7.0 was higher than usual, but the issues found were pretty minor and not worth delaying the release. At the time, Linus suspected that the rise in reports was due to people using AI tools to scan for and identify bugs, and it turns out, he was right.

  Now, as we move into what Linus calls "the new normal" with a larger-than-average number of bug reports, it turns out that people aren't properly reporting the issues their AI assistants find. And Linus is getting a little peeved over it.

• TechRadar ☛ 'Almost entirely unmanageable': Linus Torvalds says AI bug hunters have ruined Linux security mailing list

  The Linux security mailing list is now “almost entirely unmanageable”, since researchers started using Artificial Intelligence (AI) to flood it with useless reports, lead maintainer Linus Torvalds has warned.

  After describing the latest release candidate as “fairly normal” in his latest weekly state of the kernel post, addressing things like drivers, networking, core kernel, and more, Torvalds stressed that “some of the documentation updates might be worth highlighting.”

  “The continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools,” he said. “People spend all their time just forwarding things to the right people or saying "that was already fixed a week/month ago" and pointing to the public discussion”.

• Linus Torvalds Flags AI-Generated Bug Spam on Linux Security List [Ed: This definitely seems like slop in a slopfarm]

Two more today:

• Digital Trends ☛ AI is raising hell for Linux managers buried under a flood of dupe bug reports [Ed: Slop is not "AI", it's slop]

  AI may be finding Linux bugs faster than humans can sort them.

  In the Linux 7.1-rc4 update, Linus Torvalds said the kernel’s security list has been swamped by AI-assisted bug reports, many of them duplicates from people using similar tools and finding the same issues. The release itself looks routine, with drivers making up about half the patch and GPU fixes leading the way.

  The sharper warning is about what happens after an AI tool flags a possible flaw. Torvalds is drawing a line between useful AI-assisted work and submissions that arrive without verification, context, or patches. Those weak reports are turning bug sorting into extra work for the people maintaining Linux.

• The Verge ☛ Linus Torvalds says Linux security list is becoming ‘unmanageable’ due to AI bug reports [Ed: Torvalds admits slop is ruining his project; that won't stop LF shilling it for bribe money]

  Linux founder Linus Torvalds said in his most recent state of the kernel post that “the continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools,” as The Register reports.

Also here:

• Linux Magazine ☛ AI Flooding the Linux Kernel Security Mailing List

  AI is giving Linus Torvalds a headache, but not in the way you might think.

2 more:

• ZDNet ☛ Linus Torvalds on the AI claim that makes him angry, and what security researchers should never do [Ed: Slop does not replace humans, it's attacking their workflows]

  Speaking at the Linux Foundation's Open Source Summit North America, Linux creator Linus Torvalds said modern AI tools are reshaping how developers work on the kernel, driving up contribution volume and exposing new social and security stresses in the open‑source world. But he insisted "AI is a great tool, but it's a tool" rather than a wholesale replacement for programmers.

• Yahoo ☛ AI Bug Reports Have Made Linux Security List Unmanageable, Creator Says

  Linux creator and lead developer Linus Torvalds warns that the Linux kernel's security mailing list has become "almost entirely unmanageable" due to a flood of AI-generated bug reports. In his Linux 7.1-rc4 update, he notes that AI-powered bug hunters now produce a high volume of reports that are often duplicates of each other or of issues that human developers have already fixed.

More from Yahoo:

• [Slop] is raising hell for Linux managers buried under a flood of dupe bug reports

  [Slop] may be finding Linux bugs faster than humans can sort them.

  In the Linux 7.1-rc4 update, Linus Torvalds said the kernel’s security list has been swamped by [Slop]-assisted bug reports, many of them duplicates from people using similar tools and finding the same issues. The release itself looks routine, with drivers making up about half the patch and GPU fixes leading the way.