{"slug": "the-pressure", "title": "The pressure", "summary": "The curl project's security team is facing unprecedented pressure from a flood of AI-assisted security reports, with incoming reports now 4-5 times higher than 2024 levels and averaging more than one per day. Project lead Daniel Stenberg reported that the workload has become so intense that his wife expressed concerns about his work hours for the first time. Despite the volume, curl remains solid software with most vulnerabilities rated LOW or MEDIUM severity, and no HIGH severity CVEs since October 2023.", "body_md": "`curl`\n\nteam are facing right now thanks to the deluge of (credible) AI-assisted security issues being reported.\nThe rate of incoming security reports is 4-5 times higher than it was in 2024 and double the speed of 2025 -- meaning that\n\non average we now get more than one report per day. The quality is way higher than ever before. The reports are typicallyverydetailed and long. [...]For the first time in my life, my wife voiced concerns about my work hours and my imbalanced work/life situation. I work more than I’ve done before, but the flood keeps coming. [...]\n\nThis is a never-before seen or experienced pressure on the curl project and its security team members. An avalanche of high priority work that trumps all other things in the project that is primarily mental because we certainly\n\ncouldignore them all if we wanted, but we feel a responsibility, we have a conscience and we are proud about our work.\n\nThe good news is that `curl`\n\nis a very solid piece of software, so the vulnerabilities people are finding tend not to be of high severity:\n\nWhat is also a good trend: almost no one finds\n\nterriblevulnerabilities. All vulnerabilities found the last few years in curl haveallbeen deemed severity LOW or MEDIUM. I'm not saying there won't be any more HIGH ever, but at least they are rare. The[most recent severity high curl CVE]was published in October 2023.\n\nVia [Lobste.rs](https://lobste.rs/s/dw02ye/pressure)\n\nTags: [curl](https://simonwillison.net/tags/curl), [security](https://simonwillison.net/tags/security), [ai](https://simonwillison.net/tags/ai), [generative-ai](https://simonwillison.net/tags/generative-ai), [llms](https://simonwillison.net/tags/llms), [daniel-stenberg](https://simonwillison.net/tags/daniel-stenberg), [ai-ethics](https://simonwillison.net/tags/ai-ethics), [ai-security-research](https://simonwillison.net/tags/ai-security-research)", "url": "https://wpnews.pro/news/the-pressure", "canonical_source": "https://simonwillison.net/2026/May/26/the-pressure/#atom-everything", "published_at": "2026-05-26 23:48:45+00:00", "updated_at": "2026-05-27 00:04:35.295041+00:00", "lang": "en", "topics": ["ai-safety", "ai-research", "ai-products"], "entities": ["curl", "Lobste.rs", "Simon Willison"], "alternates": {"html": "https://wpnews.pro/news/the-pressure", "markdown": "https://wpnews.pro/news/the-pressure.md", "text": "https://wpnews.pro/news/the-pressure.txt", "jsonld": "https://wpnews.pro/news/the-pressure.jsonld"}}