AI vulnerability reporting fails maintainers
ID: e811286c-6007-547e-9fb6-209dbc9dbae8
STIX ID: report--e811286c-6007-547e-9fb6-209dbc9dbae8
Feed Name: ReversingLabs Blog
The article explains how AI-driven tools (e.g., Google's Project Naptime, OpenAI's Aardvark) are accelerating discovery of long-standing and new software vulnerabilities, citing high-profile findings such as CVE-2024-9143 in OpenSSL, and how the resulting flood of reports is overwhelming volunteer open-source maintainers. It highlights debates over whether large organizations should provide fixes, the risk that the same tools lower the barrier for attackers, and potential AI-based solutions (CodeMender, CVE-Genie) to validate and remediate vulnerabilities.
