The Creator of Curl on Why AI Is Breaking Bug Bounties w/ Daniel Stenberg

Published 16 Mar 2026

Duration: 00:33:36

The Curl project's evolution from a 1996 currency tool to a prominent open-source library highlights community-driven growth, open-source maintenance challenges, AI's impact on security reporting, sustainability issues, and tensions between innovation and unresolved technical risks.

Episode Description

Daniel Stenberg, creator of curl, explains how a small open source tool became core internet infrastructure. The conversation covers curl's origin, mai...

Overview

The podcast explores the origins and evolution of the open-source tool Curl, which began as a personal project in 1996 by Daniel Stenberg to fetch currency rates for his IRC bot. Initially based on a minimal tool called httpget, it gradually expanded into a widely used utility for handling URLs and HTTP requests. The development process was organic, driven by community contributions, user feedback, and iterative improvements over two decades. Despite its scale (now used in 30 billion applications), the project retained its core ethos of simplicity and collaborative refinement. However, the discussion also highlights challenges faced by open-source maintainers, including mental health strains from managing high-impact projects and navigating toxic interactions within the community.

A significant portion of the content revolves around modern challenges in open-source security, particularly the surge in AI-generated vulnerability reports. These reports, often detailed but invalid, overwhelm security teams, consuming time and resources while masking genuine issues. The decision to discontinue the Curl bug bounty program underscores tensions between external funding models and the need for quality control, as platforms like HackerOne struggle with low-validity submissions. Proposed solutions, such as AI-based filtering, reputation systems, and credential requirements, face trade-offs between reducing spam and excluding new contributors. The dialogue also touches on the broader implications of AI's role in coding and security, noting both its productivity benefits and risks of deepening confusion or undermining foundational knowledge.

The narrative culminates in reflections on the evolving nature of open-source development and its sustainability. Maintainers grapple with balancing inclusivity and quality, ensuring newer contributors are not unfairly sidelined by rigid systems. Simultaneously, the rise of AI in technical fields raises philosophical questions about human adaptability, the erosion of deep technical understanding, and the resilience of the engineering community in confronting increasingly complex systems. The podcast ultimately portrays open source as a dynamic, human-driven endeavor shaped by both technical innovation and the persistent challenges of collaboration, ethics, and unforeseen consequences.

Recent Episodes of The Secure Disclosure

16 Jun 2026 Your Microphone Became a Keylogger w/ David vonThenen

Machine learning analyzes keystroke acoustic signatures to infer typed characters over remote platforms, highlighting high accuracy with known keyboards, privacy risks from surveillance, and challenges in noise and variability, while proposing defenses and noting AI's dual-use implications.

9 Jun 2026 Understand the Software Supply Chain Chaos w/ Roeland Delrue

Rapidly evolving supply chain security threats, including malicious open-source components and AI-driven malware, demand advanced AI-powered solutions like Aikido Security's self-securing software and tailored tools to address vulnerabilities in developer environments and package repositories.

28 May 2026 Prompt Injection Might Never Be Solved w/ Paul Vann

The text details AI security threats like prompt injection, jailbreak attacks, and distillation attacks, along with vulnerabilities such as AI bias and autonomous agent risks, highlighting detection challenges, emerging malware, supply chain exploits, and the industry's struggle to keep pace with rapidly evolving AI technologies.

22 May 2026 AI Broke the Security Ecosystem w/ Chris Hughes

Evolving cybersecurity challenges include supply chain threats, AI vulnerabilities, and outdated tools, highlighting the need for systemic reforms like developer incentives, regulatory clarity, and industry-government collaboration to address gaps in vulnerability management and the dual risks of AI's role in both threat detection and exploitation.

15 May 2026 PostHog is placing a wild bet on AI Coding w/ James Hawkins

PostHog's open-source analytics platform prioritizes transparency, developer autonomy, and AI integration while critiquing corporate norms, emphasizing price clarity, building in public, and balancing automation with security governance in product development.
