Are AI-generated security bug reports becoming a challenge for OSS maintainers?

Hi everyone,

I’m a Master’s student at TU Delft currently researching how AI-generated security bug reports are affecting OSS maintainers and security triage practices.

With the increasing use of LLMs and AI tools to generate vulnerability reports, I’m interested in understanding whether maintainers are seeing changes in the quality and volume of reports they receive, how they distinguish genuine findings from noisy or AI-assisted submissions, and whether existing triage workflows and tools are adapting well to these changes.

I would genuinely love to hear perspectives from maintainers here, even informally in this thread.

Additionally, if anyone involved in handling security or vulnerability reports for OSS projects would be open to a short 30–45 minute research interview, I’d really appreciate connecting.

Thanks!