The curl team is drowning. Daniel Stenberg reported this week that security vulnerability reports are coming in at more than one per day, quadruple the rate from 2024. These aren’t junk reports. They’re detailed, credible, and overwhelmingly AI-assisted. For the first time in his life, Stenberg says, his wife is worried about his stress levels.
Meanwhile, millions of AI agents just became vulnerable to a critical security flaw. The BadHost vulnerability in Starlette, an open source package with 325 million weekly downloads, puts AI systems at risk of the exact kind of exploit that AI security tools are supposed to catch.
The irony is perfect. AI security scanners have become so good at finding vulnerabilities that they’re overwhelming the humans who have to fix them. But the AI agents doing the scanning are themselves running on vulnerable infrastructure.
This isn’t sustainable.
The numbers from the curl project are stark. Security reports have doubled since 2025 and increased 4-5x since 2024. The reports are longer and more detailed than ever before. They require serious investigation. And they keep coming.
This is what success looks like for AI security tools, and it’s a disaster for open source maintenance. The same pattern is likely hitting every major open source project. More reports means more work, and open source maintainers are already stretched thin.
The quality improvement is real. AI tools can analyze codebases at scale and spot vulnerability patterns that humans might miss. But flooding maintainers with reports faster than they can possibly address them doesn’t make software more secure. It just makes maintainers burn out faster.
The BadHost flaw in Starlette highlights why this matters. Starlette is widely used in AI agent frameworks. It’s the kind of foundational infrastructure that AI security tools should be protecting. But with 325 million weekly downloads, the attack surface is enormous.
When AI agents are vulnerable to critical security flaws while simultaneously generating security reports faster than humans can process them, something is broken in the system.
The problem isn’t that AI security tools work too well. It’s that we’ve automated vulnerability discovery without automating the fix process. We’ve created a firehose of security issues without creating the capacity to address them.
Google just overhauled Search at I/O 2026, replacing traditional results with AI agents. DuckDuckGo app installs jumped 30% as users rejected being “force-fed” AI. But user preference isn’t the biggest risk with AI agent deployment at scale.
The security model is. We’re deploying AI agents across critical infrastructure, from search engines to development tools to enterprise systems. These agents need to be secure. But the open source packages they depend on are maintained by people who are already overwhelmed by AI-generated security reports.
This creates a nasty feedback loop. As AI agents proliferate, they generate more security reports. As security reports increase, maintainer capacity decreases. As maintainer capacity decreases, vulnerabilities take longer to fix. As vulnerabilities persist longer, AI agents remain vulnerable.
The curl team’s experience is a canary in the coal mine. If one of the most mature, well-maintained open source projects in the world can’t keep up with AI-assisted security reports, what happens to smaller projects with fewer resources?
The solution isn’t to stop using AI security tools. The vulnerabilities are real and they need to be found. But we can’t keep dumping them on volunteer maintainers and hoping they’ll somehow keep up.
We need to fund open source maintenance at a level that matches the security expectations we’re placing on these projects. That means companies deploying AI agents need to pay for the infrastructure they depend on. Not with bounties or one-off grants, but with sustained funding for the people doing the actual work.
Or we need AI tools that can propose and validate fixes, not just identify problems. If AI can generate detailed vulnerability reports, it should be able to generate detailed patches. Some tools are moving in this direction, but not fast enough.
The current model where AI tools make work for humans isn’t going to scale. We’re already seeing it break in real time with projects like curl. The question is whether we fix this before a major security incident forces us to, or whether we wait for the inevitable disaster.
Right now, we’re racing toward the latter. The curl team is under unprecedented pressure. AI agents are sitting on vulnerable infrastructure. And the security reports keep coming faster than anyone can handle them.
Something has to give. The smart move is to make sure it’s the funding model, not the maintainers.