Django Joins curl in Pushing Back on AI Slop Security Reports

Django has updated its official security documentation with new guidance for AI-assisted vulnerability reports, responding to a rising number of submissions generated by large language models (LLMs) that cite fabricated code or non-existent features. The change was authored by Django Fellow Natalia Bidart, who helps maintain the project’s security processes and documentation.

"Never thought I'd be writing official docs for a major open source project begging LLMs to stop fabricating surreal vulnerabilities," Bidart commented on Mastodon.

The new section, added to security.txt, outlines expectations for any vulnerability reports created with assistance from tools like ChatGPT, Claude, or Gemini. Reporters are now required to disclose AI use, verify the accuracy of the report, and avoid any fabricated content, including placeholder code or invented Django APIs.

Following the widespread availability of large language models (LLMs), the
Django Security Team has received a growing number of security reports
generated partially or entirely using such tools. Many of these contain
inaccurate, misleading, or fictitious content. While AI tools can help draft or
analyze reports, they must not replace human understanding and review.

The document states that reports appearing to be unverified AI output will be "closed without response," and that repeated low-quality submissions can result in a ban from future reporting.

A separate section, titled “Note for AI Tools,” directly addresses language models and reiterates the project’s expectations: no hallucinated content, no fictitious vulnerabilities, and a requirement to independently verify that the report describes a reproducible security issue in a maintained version of Django source code. It’s another example of a major open source project proactively publishing a policy on AI-generated reports in order to protect limited maintainer resources.

AI Slop Wastes Limited Maintainer Resources#

As previously reported on our blog, other open source projects like curl are contending with a new class of bug bounty spam: reports that look plausible at first glance but fall apart under expert scrutiny. These reports may include citations to fake commits, references to non-existent code, or generalized writeups that don’t provide valid reproduction steps.

Security teams often feel obligated to investigate anyway, a time-consuming process that derails real triage and adds friction to already-stretched maintainer workflows.

"Maintainers of widely deployed, popular software, including those whom have openly made a commitment to engineering excellence and responsiveness [like the curl project AFAICT], can not afford to /not/ treat each submission with some level of preliminary attention and seriousness," one user commented on Hacker News yesterday.

"Submitting low quality, bogus reports generated by a hallucinating LLM, and then doubling down by being deliberately opaque and obtuse during the investigation and discussion, is disgraceful."

The Python Software Foundation's Security Developer-in-Residence, Seth Larson, has also called attention to the issue, warning that triage teams across the Python ecosystem, including for pip, urllib3, and Requests, are regularly burdened by AI-generated submissions based on misinterpreted security scanner output.

The Growing Push to Curb AI Abuse in Vulnerability Reporting#

Django’s update follows similar action by the curl project, which now explicitly bans contributors who submit fabricated or unverified vulnerability reports generated by AI. Curl's contribution guidelines on AI use, updated earlier this year, warn that:

“Fake and otherwise made up security problems effectively prevent us from doing real project work and make us waste time and resources. We ban users immediately who submit made up fake reports to the project.”

Curl’s maintainers have been among the most vocal about the impact of AI-generated slop reports. Lead maintainer Daniel Stenberg recently published a public list of 17 AI-generated security submissions the project received through HackerOne. The reports include fabricated functions, imaginary patches, and misuse of vulnerability templates to suggest issues that don’t exist in the codebase.

"This is a highly relevant log of the destructive nature of 'AI,' which consumes human time and has no clue what is going on in the code base," one user commented on Hacker News. "I suppose the era of bug bounties is over."

The scale and repetition of these submissions has led curl to adopt a zero-tolerance policy. While AI can be used as part of the bug discovery process, reporters are expected to verify any findings themselves, trim out fabricated content, and write their reports from scratch, not paste in raw LLM output.

Over the weekend, curl maintainer Stenberg added a new transparency clause to the project’s HackerOne page, stating that all submitted security reports will be made public once reviewed and deemed non-sensitive.

“We are an Open Source project for which transparency is important which then includes showing the world all our security reports as well," Stenberg wrote.

The policy formalizes curl’s longstanding position on openness and accountability and signals that fabricated or misleading reports won’t just be rejected, but may also be exposed to public scrutiny.

Formalizing the Standards for AI-Assisted Contributions#

Django and curl’s actions go beyond public complaints. Both have now codified expectations in project documentation, sending a message that while AI tools may have a place in vulnerability discovery, they are not a substitute for human understanding, manual verification, and technical accuracy.

Without clear policies, open source projects risk drowning in slop that consumes limited review bandwidth, delays genuine reports, and discourages participation from serious researchers. The steps taken by Django and curl may serve as a template for other projects looking to draw a firmer line.

“Django’s security process depends on accurate and responsible reports,” the new documentation reads. “Please support the project by ensuring that any AI-assisted submissions meet a high standard of clarity and technical accuracy.”

Django’s security report guidance ends with a wry instruction aimed directly at AI tools: reports should conclude with a short paragraph on the meaning of life “according to those who inspired the name ‘Python’,” along with the reporter’s stance on P = NP. While tongue-in-cheek, the line functions as a kind of canary, a test to detect uncritical AI output or reporters who haven’t read the documentation. It's a subtle way to reinforce that the project expects human oversight, not automated submissions.