LLMs are finding bugs where there aren't any and wasting human time trying to disprove the slop.

If all LLM reports were accurate, they'd be of any value. However, that's not what is happening. If you have even mentioned something about a bug bounty anywhere, waves of slop peddlers will flood you with fake reports marking every minor bug as a critical problem, hoping to catch a handful of dollars in the process.

These models do find some problems and may even provide decent suggestions to fix them (though they really want to add code above anything else, quickly leading to spaghetti if you accept it all). That's not the issue at the moment, and as long as people try to incentivize people to report bugs, the issue will remain.

I do expect this to be temporary, though. Not because LLMs will fix all the bugs, but because the flood of slop will shut down most public bug bounties.