In February 2026, Daniel Stenberg did something no open-source maintainer wants to do: he shut down curl's bug bounty. Not because the bugs dried up. Because the reports flooded in. Roughly eight times the normal volume, about one in five describing vulnerabilities that did not exist. AI had written them.
This is AI slop — and curl is just one casualty. The same flood is drowning music streaming, academic journals, search results, and the comment section you scrolled past this morning. In December 2025, Merriam-Webster made it official: "slop" is the 2025 Word of the Year, defined as "digital content of low quality that is produced usually in quantity by means of artificial intelligence." The Economist picked the same word.
This is the complete story of where AI slop came from, why it is everywhere, and the one defense that actually holds. 🌊
TL;DR: AI slop is low-quality, mass-produced AI content created at scale with little human review — Merriam-Webster's 2025 Word of the Year. It floods search, music, academia, and open source because platforms reward volume, not verification. The durable fix is not less AI but provenance: owned, signed, human-reviewed work. Taskade Genesis builds AI apps you actually own, with version history and an auditable chain of custody.
🗺️ AI Slop at a Glance: How the Flood Happened
AI slop went from internet slang to Merriam-Webster's 2025 Word of the Year in under three years. The term describes low-quality AI content mass-produced with minimal curation. Its rise tracks one curve: as generation got cheaper, the cost of flooding any open platform — search, streaming, code repositories — dropped to near zero.
The same engine that powered the AI boom — cheap, fluent generation — also powered its shadow. Every breakthrough that made AI useful also made slop free to produce.
🐷 What Is AI Slop (and Why Is It Called "Slop")?
AI slop is low-quality, mass-produced AI-generated content — text, images, code, audio, or bug reports — created at scale with minimal human curation or verification. The word borrows from farm slang: the liquid food scraps fed to pigs. The metaphor is deliberate. Slop is indiscriminate bulk output, cheap to produce, and not meant for careful human consumption.
The etymology is older than AI. "Slop" meant "soft mud" in the 1700s, drifted to "food waste" in the 1800s, and became "rubbish" or "a product of little or no value" in casual speech. Generative AI gave the old word a perfect new target. There was no single coiner; the term bubbled up across developer forums, art communities, and 4chan-adjacent corners through 2023 and 2024, then went fully mainstream in 2025.
Slop vs. Hallucination: What's the Difference?
A hallucination is a model confabulating false information within a single output — a technical failure inside the model. AI slop is the operational deployment of low-quality output at scale, usually for reach or profit, with little human review. Hallucination is a symptom; slop is the business model. A single AI hallucination is an accident. Ten thousand hallucinated bug reports filed by a script is slop.
| Dimension | Hallucination | AI Slop | Honest AI Use |
|---|---|---|---|
| Scale | Single output | Mass-produced | Any |
| Intent | Unintended error | Volume for reach or profit | Augment human work |
| Human review | Not applicable | None or minimal | Required and signed |
| The fix | Better models | Better incentives | Provenance + attestation |
The distinction matters because the fixes are different. You fix hallucination with better models. You cannot fix slop with better models — better models make more convincing slop, faster. Slop is fixed at the level of incentives and accountability.
💸 Why Slop Exists: The Economics of Scale
AI slop exists because every major platform monetizes volume, not quality. Spotify, YouTube, Amazon Kindle, search engines, and bug-bounty programs all scale on throughput — more uploads, more reports, more pages. Generative AI dropped the cost of producing that throughput to near zero. Slop is not a glitch in this system. It is the system's rational, predictable output.
Consider the gradient. One Ahrefs analysis estimated that roughly 11% of indexed web pages were already auto-generated by 2024. Google responded with a "scaled content abuse" policy in September 2024, explicitly targeting mass-produced low-value pages — an admission that the open web's core ranking assumption (that producing content costs effort) had broken. When producing a thousand pages costs a dollar, "publish more" stops being a signal of value and becomes pure noise.
Until platforms reward verification over volume, every downstream defense — detectors, watermarks, media-literacy guides — is friction, not a cure. The economic gradient still points toward slop. This is why the writer Cory Doctorow folds slop into his broader theory of "enshittification": platforms degrade because the incentives reward degradation.
The same dynamic explains "workslop" — AI-generated memos, reports, and pull requests that look like work but offload the real thinking onto whoever receives them. Research from Stanford and HBR suggests knowledge workers now lose hours re-doing or untangling low-quality AI output passed to them by colleagues. The cost did not vanish; it moved downstream to a human.
🌍 Where Slop Lives: A Cross-Domain Tour
AI slop is ecosystem-wide, not a search problem. The same pattern — cheap generation exploiting an open, trust-based platform — repeats across six domains: web search, music streaming, academic publishing, knowledge bases, the workplace, and open source. Each shows volume overwhelming the human systems built to vet contributions.
| Domain | What slop looks like | Key 2024-26 signal |
|---|---|---|
| Web / Search | Auto-generated SEO farms, fake answers | Google AI Overviews told users to put "glue on pizza"; ~11% of indexed web auto-generated |
| Music streaming | Ghost artists, AI tracks gaming royalties | Deezer reported flagging tens of thousands of AI tracks per day |
| Academia | Tortured phrases, fabricated citations | "Vegetative electron microscopy" surfaced in hundreds of 2024 papers |
| Knowledge bases | AI stub articles, fake references | Wikipedia launched WikiProject AI Cleanup in 2024 |
| Workplace | "Workslop" memos and AI drafts | Stanford/HBR research: hours lost re-doing low-quality AI output |
| Open source | Hallucinated CVEs, low-effort AI pull requests | curl saw ~8x report spike, ~20% hallucinated |
The "tortured phrases" example is the most darkly funny. Researchers found papers using "vegetative electron microscopy" — a nonsense phrase born from an AI mangling "scanning electron microscopy" — in hundreds of publications, a fingerprint of text laundered through paraphrasing tools to dodge plagiarism detectors. The slop did not just get published; it got cited.
Does AI Training on Slop Cause "Model Collapse"?
Yes — when models train on AI-generated text without human filtering, output quality can degrade generationally, a documented effect researchers call model collapse. Each generation of model trained on the previous generation's output drifts further from real human data, like a photocopy of a photocopy. This makes today's slop a tax on tomorrow's models: the more the web fills with synthetic text, the harder it becomes to train good models on it. The effect is research-supported, though its real-world severity at web scale is still debated.
THE ASYMMETRY THAT BREAKS THE SYSTEMGenerate an AI bug report .......... ~2 minutes, fractions of a cent
Triage + reproduce + reject ........ 30 minutes to 3 hours of a human expert
Spammer cost: near zero
Maintainer cost: the scarcest resource in open source — human attention
That asymmetry — cheap to produce, expensive to refute — is the engine under every domain in the table. Nowhere is it sharper than in open source.
🔓 Open Source Under Siege: The Sharpest Edge
Open source is where AI slop bites hardest, because maintainers are volunteers and contributions run on trust. In February 2026, curl ended its bug bounty after an eightfold spike in reports — roughly 20% describing hallucinated vulnerabilities. HackerOne saw vulnerability submissions jump sharply year over year while the valid share stayed near a quarter. The triage burden is crushing the people who keep the internet's plumbing alive.
curl maintainer Daniel Stenberg put it bluntly: the project was being drowned in confident, well-formatted, completely fabricated security reports. Each one looked legitimate enough that a human had to read it, attempt to reproduce it, and write a rejection. Multiply that by hundreds, and the bounty — designed to find real bugs — became a denial-of-service attack on the maintainers themselves.
This is what Terraform core contributor Bruno Schaatsbergen calls being "killed with kindness." Most submitters are not malicious; they genuinely want to contribute. They just will not put in the effort, so they point an agent at a repo and ship whatever it produces. His rule for staying on the right side of the line is simple: don't outsource your thinking. Use AI to draft and research, but stay the author who reviews, tests, and is liable for the result. Ownership equals authorship equals accountability — a principle that maps directly onto cognitive offloading, the broader habit of letting tools do your thinking for you.
Maintainers have stopped waiting for platforms to fix the incentive and started defending themselves.
| Project / Body | Response | Date |
|---|---|---|
| curl | Closed HackerOne bounty, moved to GitHub triage | Feb 2026 |
| Ghostty | Deny-by-default "vouch" trust model | Jan 2026 |
| tldraw | Auto-close unsolicited external pull requests | Jan 2026 |
| Linux kernel | "Assisted-by" tag; a human stays liable | Apr 2026 |
| CISA + allied agencies | Agentic-AI secure-adoption guidance | May 2026 |
| Big Tech consortium | Multi-million-dollar maintainer support fund | 2026 |
What Is the curl / HackerOne AI Slop Case?
The curl case is the defining example of AI slop breaking responsible disclosure. Stenberg closed the bounty after AI reports hit roughly eight times normal volume with about 20% hallucinating vulnerabilities that did not exist, then routed reports to GitHub for human-first review. It signaled a shift across open source: from trust by default to prove yourself first.
What Does "Open Source Is Neither a Community Nor a Democracy" Mean?
It is the governance frame, argued by Ruby on Rails creator David Heinemeier Hansson (DHH), that a maintainer's vision — not a popularity vote — decides what gets merged. A pull request with a hundred upvotes can still be rejected if it does not fit the project. In the slop era this "benevolent dictator" model is not a flaw; it is the defense. The maintainer's right to say no is what keeps quality intact when anyone can generate a plausible-looking contribution in seconds. Mitchell Hashimoto's terminal Ghostty encodes the same logic in software: "Open source has always been a system of trust. Now it's just default deny."
👤 The Human Cost: Slop as Displacement, Not Just Noise
AI slop is not only a content problem — it is a labor problem. The people most affected are not readers annoyed by junk; they are the creators and maintainers whose work slop imitates and displaces. Most coverage treats this as a footnote ("it harms artists"). For the humans on the receiving end, it is existential.
The pattern is the same everywhere the economics of scale apply. On music platforms, royalty pools are divided across streams — so every fraudulent AI track flagged (Deezer reported tens of thousands per day) skims real money from human musicians without adding a single listener of genuine value. Illustrators and writers watched stock-image and content-mill commissions evaporate through 2025 as buyers chose "good enough" AI output. And in open source, the cost is measured in burnout: a maintainer spending 30 minutes to 3 hours refuting a single fabricated report, hundreds of times over, until they walk away from a project the entire internet depends on.
Slop isn't a content problem. It's a labor problem. The machines are doing the work; the humans are stuck doing the triage. That inversion — humans demoted from authors to janitors of machine output — is the real cost, and it is why the durable fixes all center on restoring human authorship rather than filtering machine volume.
This is also the honest case for tools that keep humans in the authoring seat. The goal of good AI tooling is not to replace the creator but to make their judgment go further — to augment, not automate away, the person who is accountable for the result. That distinction is the whole game, and it is where the defense begins.
🕳️ The Trust-Collapse Loop: From Slop to Backdoor
Slop's deepest danger is not noise — it is camouflage. When a platform drowns in low-signal junk, malicious signal hides inside it. The xz utils backdoor (CVE-2024-3094) showed the endgame: an attacker using the alias "Jia Tan" spent more than two years building community trust before slipping a backdoor into a compression library used across Linux. It was caught in March 2024 almost by luck, by Microsoft engineer Andres Freund noticing a half-second delay. Veritasium made it famous with a February 2026 explainer.
Connect the two stories and the threat model snaps into focus. xz proved that trust itself is the attack surface. Slop attacks the same surface from the other side: it exhausts the reviewers whose attention is the only thing standing between a healthy project and a planted exploit. A burned-out maintainer drowning in fake reports is exactly the maintainer who waves through the "helpful" patch that turns out to be a backdoor. There is even a new flavor of supply-chain risk named for it — "slopsquatting," where attackers register the fake package names that AI assistants hallucinate, waiting for a developer to copy-paste an install command for a library that never existed.
The encouraging counter-example is FluxCD. Maintainer Stefan Prodan pointed AI agents at reproducing incoming bug reports — using the same technology, aimed at verification instead of volume. The agents do the expensive reproduction work; the humans make the judgment calls. The lesson is not that AI is the villain. It is that AI pointed at verification defends a project, while AI pointed at volume attacks it. The tool is neutral; the incentive is everything.
🛡️ Can You Fight Slop? Detection, Labeling, and Why Both Fall Short
You can slow AI slop, but detection alone cannot stop it. AI detectors misfire in both directions. Stanford researchers found detection tools flag a meaningful share of non-native English writing as AI-generated — one study reported a majority of essays by non-native writers misclassified — while a University of Reading study saw 94% of actual AI-written answers go undetected in real exams. Watermarks like Google's SynthID help but degrade under paraphrase. Labeling laws add accountability but, crucially, exempt human-reviewed work — which turns out to be the real signal.
| Layer | Mechanism | Strength | Limit |
|---|---|---|---|
| Detect | AI detectors, SynthID watermarks | Cheap, scalable | False positives; an arms race |
| Label | C2PA Content Credentials, EU AI Act Art. 50 | Standards-backed, legally enforced | Metadata can be stripped |
| Govern | Human-in-the-loop review | Discharges EU labeling duty | Requires discipline and time |
| Own | Provenance, signed work, version history | Auditable, portable proof | Needs platform support |
The labeling layer is maturing fastest. The C2PA Content Credentials standard attaches a cryptographic "nutrition label" to media; most major camera makers have committed to it, and recent flagship phones sign photos at capture. Google's SynthID has watermarked many billions of AI-generated items. And the EU AI Act's Article 50 transparency rules take effect August 2, 2026, requiring AI-generated content to be machine-readable as such, with penalties up to 15 million euros or 3% of global turnover.
But notice the load-bearing exception buried in the law: content that underwent genuine human editorial review is largely exempt from the labeling duty. The regulators landed in the same place the maintainers did. The thing that distinguishes signal from slop is not a watermark you can strip — it is a human who took responsibility.
How Do You Spot AI Slop?
Look for generic, hedge-heavy phrasing; fabricated or non-existent citations; logical inconsistencies; repetitive structure; code that does not run; and — most reliably — the absence of a named, accountable author. The catch is that every visual or stylistic fingerprint fades as models improve. "Six fingers" and "as an AI language model" are already gone. Detection-by-vibe is a depreciating asset, which is why the durable signal is provenance, not appearance.
Is AI Slop Illegal?
Not inherently. But mass-produced, unvetted content can breach deceptive-practice rules, copyright, and platform terms of service, and the EU AI Act adds disclosure duties from August 2026. Most enforcement today is platform-level — Google demoting scaled-content abuse, music services purging fraudulent uploads, journals retracting fabricated papers — rather than courts. The legal floor is rising, but slowly.
✅ The Real Antidote: Provenance, Not Abstinence
The durable answer to AI slop is not less AI — it is provenance. Detectors lose an arms race. Watermarks get stripped. "Ban AI" is unenforceable and punishes honest creators. What survives is proof: owned work with a version history, a named human reviewer, and a signed, auditable chain of custody. Ownership plus authorship equals accountability — the one property slop can never fake.
Every other defense treats the symptom. Provenance addresses the actual definition. Recall what makes slop slop: it is anonymous, disposable, and shipped without anyone taking responsibility. Owned, reviewed, signed work is the structural opposite. This is why the EU's human-review carve-out and the maintainers' deny-by-default models converge on the same answer — and why emerging "proof of human authorship" efforts are racing to make that chain of custody portable.
The decision, stripped to its core, is a short tree:
IS THIS OUTPUT TRUSTWORTHY? Is it owned? (you control the source + history)
|
+-- No --> treat as slop until proven otherwise
|
Yes
v
Reviewed by a named, accountable human?
|
+-- No --> verify before you ship it
|
Yes
v
Signed / version-controlled? (who changed what, when)
|
+-- No --> provenance gap; add a paper trail
|
Yes
v
--> Trustworthy: capability WITH a chain of custody
Notice the first node is the AI generation itself, deliberately shown in muted gray. AI is in the loop — it should be. The trust does not come from removing the model. It comes from everything that happens after.
🧬 How Taskade Genesis Builds Provenance-Native AI
The antidote to AI slop is not less AI — it is owned, provenanced, reviewed AI. Taskade Genesis is candidly an AI app builder: it generates code, orchestrates AI agents, and runs automations. That is exactly why the provenance layer is built in, not bolted on. Every app you create with Taskade Genesis carries a version history, role-based access across seven permission levels (so you can see who changed what and when), and the ability to publish, sign, and fork apps to the public Community Gallery with their provenance intact.
When an AI agent generates a feature, that generation is part of the record. When you review, edit, or test it, those human-in-the-loop actions belong to you and your role. You own the output — not the model provider, not us — and the edit history is the proof. That is the thesis of this entire article in product form: ownership + version history + human-reviewed checkpoints + signed work = the bridge between AI capability and trust. Taskade Genesis does not remove AI from the equation. It makes AI provenance-native, so what you ship carries a chain of custody instead of a question mark.
This is the Workspace DNA loop at work. Taskade Genesis draws on 15+ frontier models from OpenAI, Anthropic, Google, and open-weight providers, but the model is only the Intelligence layer. Your projects are the Memory, your automations are the Execution, and the whole loop stays owned and auditable.
▲ ■ ● Memory feeds Intelligence, Intelligence triggers Execution, Execution creates Memory — the three-pillar loop that keeps your built work owned, not slopped.
Build a provenance-native app with Taskade Genesis →
📊 AI Slop by the Numbers (2024–2026)
The scale of the slop era is easiest to grasp as a single table of dated, sourced signals.
| Metric | Figure | When |
|---|---|---|
| Merriam-Webster Word of the Year | "slop" | Dec 2025 |
| curl AI bug-report spike | ~8x volume, ~20% hallucinated | Feb 2026 |
| Indexed web pages auto-generated (one estimate) | ~11% | 2024 |
| Deezer AI tracks flagged | tens of thousands per day | 2025 |
| EU AI Act Article 50 transparency in force | up to 15M euro / 3% turnover penalty | Aug 2, 2026 |
| AI answers undetected (Univ. of Reading study) | 94% | 2025 |
Every number above points the same way: generation is winning the volume war, and the only defense that scales with it is proof of human authorship.
🔗 Resources and Further Reading
- Merriam-Webster: Word of the Year 2025 — the official "slop" announcement and definition.
- curl security advisories — Daniel Stenberg's reporting on the AI bug-bounty flood.
- C2PA Content Credentials — the open provenance standard for media.
- The complete history of OpenAI and ChatGPT and history of Anthropic and Claude — how the generation boom began.
- What is vibe coding? and the vibe coding graveyard — AI-assisted building done well, and done badly.
- What is agentic engineering? and agent builders explained — using agents with verification, not just generation.
- How to humanize AI content — the editing discipline that turns drafts into owned work.
- The SaaSpocalypse, explained and open-source LLMs — the bigger shifts slop sits inside.
💬 Frequently Asked Questions About AI Slop
What is AI slop?
AI slop is low-quality, mass-produced AI-generated content — text, images, code, audio, or bug reports — created at scale with little human curation or verification. Merriam-Webster named slop its 2025 Word of the Year. The term spans search spam, ghost-artist music, fake citations in academic papers, and hallucinated open-source bug reports.
Why is it called slop?
The word borrows from farm slang for the liquid food scraps fed to pigs: cheap, indiscriminate, and not meant for careful consumption. Applied to AI, slop captures bulk output produced with minimal effort or review. The metaphor stuck because it conveys waste-tier quality and scale at once, which is why Merriam-Webster chose it for 2025.
What is the difference between AI slop and hallucination?
A hallucination is a model confabulating false information within a single output, a technical failure. AI slop is the operational deployment of low-quality output at scale, usually for reach or profit, with little human review. Hallucination is one symptom; slop is the business model. A hallucinated bug report becomes slop when thousands are filed automatically.
Why does AI slop exist?
AI slop exists because major platforms reward volume, not verification. Search engines, streaming services, publishers, and bug-bounty programs all scale on throughput, and generative AI dropped the cost of producing that throughput to near zero. Slop is the rational output of that incentive structure, which is why detection and media-literacy guides treat the symptom rather than the cause.
How does AI slop affect open source?
AI slop floods volunteer maintainers with unvetted contributions and fabricated bug reports. In February 2026 curl ended its bug bounty after roughly an eightfold spike in reports, about 20 percent describing vulnerabilities that did not exist. HackerOne saw submissions rise sharply year over year while valid reports stayed near a quarter, pushing projects toward deny-by-default trust models.
What is the curl and HackerOne AI slop case?
curl maintainer Daniel Stenberg closed curl's HackerOne bug bounty in February 2026 after AI-generated reports overwhelmed triage: roughly eight times the normal volume, with about 20 percent hallucinating non-existent vulnerabilities. He moved verification to GitHub for human review. The case became the defining example of how low-signal AI noise threatens responsible vulnerability disclosure.
What is the xz utils backdoor lesson for AI slop?
The xz utils backdoor (CVE-2024-3094), discovered in March 2024, was inserted by an attacker who spent over two years building community trust before slipping in malicious code. The lesson: when a platform drowns in low-signal slop, malicious signal hides more easily. Slop accelerates this by exhausting the reviewers meant to catch it.
How do you spot AI slop?
Common signs include generic phrasing, fabricated or non-existent citations, logical inconsistencies, repetitive structure, code that does not run, and the absence of a named, accountable author. These fingerprints fade as models improve, so the most reliable signal is not detection but provenance: whether the work is owned, reviewed by a named human, and signed.
Can AI detectors reliably catch AI slop?
Not reliably. AI detectors misfire in both directions. Stanford research found tools flag a meaningful share of non-native English writing as AI, while one University of Reading study saw 94 percent of actual AI answers go undetected. Watermarks like Google SynthID help but degrade under paraphrase. Detection is an arms race, not proof.
Is AI slop illegal?
AI slop is not inherently illegal, but mass-produced unvetted content can breach deceptive-practice rules, copyright, and platform terms of service. The EU AI Act's Article 50 transparency rules take effect August 2, 2026, requiring AI content to be machine-readable as AI-generated unless it underwent genuine human editorial review, with penalties up to 15 million euros or 3 percent of global turnover.
What is the best way to prevent AI slop?
The durable fix is provenance, not abstinence. Detectors lose an arms race and banning AI punishes honest creators, so the defense that holds is proof: owned work with a version history, a named human reviewer, and a signed, auditable chain of custody. Taskade Genesis builds this in, with apps you own, version history, and role-based access showing who changed what.
AI proved it can generate anything. The open question of 2026 is whether we can still tell what is real — and the answer is not a better detector, it is a better paper trail. Taskade Genesis makes sure what you build is owned, reviewed, and traceable, not slop. Explore real community apps, see what AI agents can do, or start from a prompt.