AI-Generated Fake Error Reports Frustrate Developers

2024-12-11

AI has not only led to a surge of spam on social media platforms but has also significantly impacted the open-source programming community. Similarly, fact-checking tools like X's Community Notes are struggling to handle the enormous volume of misinformation. Contributors to open-source projects have been voicing their frustrations, as they are forced to dedicate substantial time to evaluate and debunk erroneous reports generated by AI code-generation tools.

Recently, The Register covered concerns raised by Seth Larson in his blog post. Larson, an on-site security developer with the Python Software Foundation, highlighted the increasing number of "extremely low-quality security reports filled with spam and LLM hallucinations" within open-source projects. He added, "These reports appear legitimate at first glance, necessitating time to rebut them." This trend poses a significant threat to major open-source projects that underpin much of the internet, such as Python, WordPress, and Android, which are typically maintained by a small number of unpaid contributors. Exploitation of genuine bugs in widely-used codebases could have far-reaching consequences. Larson noted that although he has observed a relatively small number of AI-generated spam reports so far, their incidence is on the rise.

Another developer, Daniel Stenberg, criticized a reporter for wasting his time, suspecting the report was AI-generated. He remarked, "You submitted a seemingly AI-created 'report' alleging security issues, possibly influenced by AI. Subsequently, you wasted our time by not disclosing that it was AI-generated and continued to provide more seemingly AI-produced spam responses."

Code generation has become an increasingly popular application for large language models, although many developers remain skeptical about their practical utility. Tools such as GitHub Copilot or the built-in code generators in ChatGPT can efficiently produce scaffold code, which forms the foundational framework necessary to initiate any project. These tools are also valuable for locating functions within programming libraries that developers may be less familiar with, thereby assisting them in quickly finding the required code snippets.

However, like any language model, they are prone to hallucinations, generating incorrect code or only providing partial code snippets. These models do not "understand" code; they merely estimate the most probable content you might need based on available information. To develop a complete project, developers still need a fundamental understanding of the programming language being used to debug issues, define build objectives, and integrate all independent code blocks. Consequently, domain experts suggest that junior developers will be most directly affected by these tools. Simple applications that can be built solely with AI may have already been created.

Platforms like HackerOne offer rewards for successful bug reports, which could incentivize some individuals to use ChatGPT to search codebases for vulnerabilities and submit error information returned by large language models (LLMs).

Spam has long been a presence on the internet, but AI has made its generation significantly easier. It appears we are confronting a situation that requires more technological solutions, such as CAPTCHA verifications for login interfaces, to address this issue. Undoubtedly, this is an unfortunate scenario that represents a significant waste of everyone's time.