Linux kernel creator Linus Torvalds (리누스 토발즈) said a security mailing list has become "almost unmanageable" after researchers used AI to find bugs and poured duplicate reports into the list.

The Register reported on May 17 that Torvalds published Linux 7.1 release candidate 4 in his weekly kernel status post. He said work toward the full release was progressing in a "relatively normal" way.

Pointing to project documentation, he said the security list had become almost unmanageable as AI reports kept coming in. He said massive duplication was occurring as others found the same issues using the same tools.

He said maintainers were losing their time just sorting duplicate reports and telling people an issue was already fixed. He called such activity a completely pointless drain. He added that bugs detected by AI were not secret by definition, and handling them on a private list was a waste of time for everyone involved. Because the security mailing list is private, people cannot know whether someone has already reported the same bug, which leads to more duplicate reports, he said.

On using AI to improve software security, Torvalds said AI tools were great, but only when they actually helped rather than creating unnecessary pain and pointless fake work. He urged people to use them freely but in a way that is productive and creates a better experience.

He also said that if someone found a bug with an AI tool, it was likely someone else had found it too. He added that if people wanted to add real value, they should read the documentation, make patches and add substantive value on top of what AI did, and not become someone who throws random reports without real understanding.