AI Slop Is Flooding Startup Inboxes. Build Your Filter.
The curl project just shut its vulnerability inbox for a month to escape AI-generated noise. Your startup faces the same flood in support, sales, and hiring. Here is the triage playbook.

What just happened at curl, and why should founders care?
One of the most important pieces of software on the internet just hung a "closed" sign on its front door.
curl, the data transfer library built into billions of devices, announced it will not accept any vulnerability reports between July 1st and August 3rd, 2026. Daniel Stenberg, its creator, calls it the "summer of bliss." His team needed a vacation from a flood of AI-generated security reports that doubled this year, after already doubling the year before. In one recent 15-day stretch, curl triaged 19 reports on HackerOne. Nearly all were low-value submissions written by AI agents. The project had already killed its bug bounty in January after paying out over $100,000 across 87 real vulnerabilities.
"Now we need some rest. We do not expect this deluge to be over," Stenberg wrote. Other projects, like the libexpat XML parser, joined the pause within days.
If a 25-year-old project with world-class maintainers got buried, your five-person startup is not immune. You're next.
Why is AI noise an economics problem, not a tech problem?
Here's the mechanism, and it's brutally simple. Language models dropped the cost of producing a plausible-looking message to nearly zero. The cost of a human reading that message carefully stayed exactly where it was.
That asymmetry breaks every open channel you run. A fake security report takes 30 seconds to generate and 30 minutes to disprove, because you can't dismiss it until someone checks whether the cited function even exists. Stenberg noted the slop has improved, from obvious nonsense to reports that describe real but harmless quirks. Better fakes cost more to reject, not less.
So stop thinking of this as spam, which filters catch because it looks different from real mail. Slop looks like real mail. It is polite, formatted, and technically fluent. The only reliable filter left is the one thing that got expensive: careful human attention. Which means you have to budget attention the way you budget cash.
Where will your startup feel the flood first?
Anywhere you publish an address, expect the deluge.
Your support inbox will fill with fluent tickets from accounts that barely use your product, some fishing for refunds or credentials. Your sales inbox will fill with personalized-sounding partnership offers assembled by outbound bots. If you run a security disclosure page, you'll get curl's problem in miniature: confident reports citing code paths that don't exist. Post a job and hundreds of AI-written applications arrive in days. GitHub itself has reported that a surge of automated vulnerability reports is slowing down real security fixes across the ecosystem.
The pattern across all five channels is identical. Volume up, signal down, and every message engineered to look like the one you can't afford to ignore. A founder who reads everything personally, which used to be a genuine advantage, now burns hours daily proving negatives. That time comes straight out of product, customers, and sleep.
How do you triage without ignoring real signal?
The answer is tiers, not walls.
Sort every inbound message by one question: how much would it cost us if this were real and we missed it? A security report from a customer deserves a different lane than a cold partnership pitch. Build two or three lanes with different response promises. Paying customers get a fast human. Unknown senders get an autoresponder that asks for proof of work first.
Proof of work is your best weapon, because it flips the cost asymmetry back in your favor. Ask the security reporter for a working proof of concept, not a description. Ask the job applicant to complete a short task that requires reading your actual docs. Ask the partnership pitch to name three specific customers who would benefit. Real people with real claims clear these bars in minutes. Slop generators mostly don't bother, because their whole business model depends on never spending effort on any single target.
Your AI co-founder is ready when you are.
Foundra turns everything in this article into an actual plan. Validation, customers, pricing, launch. In one place, in your voice, in an afternoon.
Start free→3-day free trial. No credit card. Cancel anytime.
Should you add friction to every open channel?
Not every channel, and not equally. Friction is a tax on your real users too, so spend it where the noise is worst.
Replace the bare email address with a structured form that requires specifics: version numbers, reproduction steps, order IDs. Vague submissions get instantly cheaper to reject when the required fields are empty. For high-noise channels, consider a small refundable deposit or a paid tier. Notice what curl kept open during its shutdown: paid support contracts still get full service. Money is a spectacular slop filter, because bots don't pay to bother you.
And keep one channel nearly frictionless: the one your paying customers use. The goal is not to hide from the world. It's to make the cost of reaching you proportional to the sender's actual stake in the conversation. A customer with a $500 subscription has stake. A bot spraying 10,000 identical messages has none.
What does a written noise policy look like?
Most teams handle this ad hoc, which means the loudest inbox wins and standards drift with each hire. Write it down instead. One page.
The page should answer four things. Which channels do we monitor, and what response time do we promise on each? What proof do we require before a human investigates each category of claim? Who has authority to close, pause, or add friction to a channel? And what's our tripwire, the metric that tells us a channel has tipped from useful to net-negative? For curl, the tripwire was confirmation rates collapsing while volume doubled.
Treat this like any other operating system for the company: written, versioned, reviewed quarterly. You can draft it in a Google Doc, Notion, or a planning tool like Foundra that gives first-time founders structure for exactly this kind of operations thinking. The format matters less than the decision being made once, deliberately, instead of fifty times a week under pressure.
When is closing a channel the right call?
Sometimes the brave move is the one that feels rude.
curl didn't add a better filter. It stopped accepting reports entirely for a month, and stopped taking email submissions for good. That decision came from data: the last resolved report of real value was months old, while triage load kept doubling. When a channel's hit rate falls that far, keeping it open isn't diligence. It's a subsidy you pay to strangers with bots.
Your version might be smaller. Pause the general contact form for August. Kill the "book a call with a founder" link that books nothing but pitches. Convert open office hours to referral-only. Announce the change publicly with your reasons, the way Stenberg did, because transparency turns a closed door into a policy instead of an insult.
Bad actors won't take a break, he acknowledged. "But we will," he wrote. Rest is an operational resource. Guard it like runway.
How do you avoid becoming the slop?
Uncomfortable question: how much of this flood is being generated by founders like you?
Every AI-personalized cold email blast, every auto-generated "quick question" sequence, every mass application your growth tool sprays out adds to the same pile that's burying everyone's inbox. The tools feel free. The cost lands on the recipient, and increasingly, it lands back on you, because buyers are building the exact defenses this article describes. Structured intake. Proof-of-work requirements. Referral-only doors.
In a world of infinite fluent messages, the scarce asset is verifiable effort. One demo built for a specific prospect beats a thousand templated emails. One thoughtful bug report with a working proof of concept gets read the same day. The founders winning attention in 2026 aren't automating more outreach. They're sending fewer messages that cost them something real to make, because cost is now the signal.
Send what you'd want to receive. That rule survives every model release.
Key takeaways
The short version, for the founder skimming on a phone between fires.
AI dropped the cost of plausible messages to zero while your reading cost stayed fixed, and that asymmetry will flood every open channel you run: support, sales, security, hiring. Triage by stake, not by politeness. Demand proof of work from unknown senders, add friction where noise is worst, and keep the customer lane fast. Write a one-page noise policy so the decision gets made once. Watch your tripwire metrics, and when a channel's hit rate collapses, close or pause it publicly, the way curl just did. Finally, stop contributing to the flood, because verifiable effort is the only outreach that still lands.
Your attention is the company's scarcest resource. The teams that protect it will ship while everyone else is answering robots.
Frequently asked questions
Why did curl stop accepting vulnerability reports in July 2026? The maintainers were overwhelmed by AI-generated reports, which roughly doubled from 2025 after doubling the year before. They paused all submissions from July 1 to August 3, 2026 to rest, while paid support contracts still receive full service.
Is AI slop the same thing as spam? No. Spam looks different from real mail, so filters catch it. Slop imitates legitimate messages: fluent, formatted, and specific-sounding. It usually requires human attention to disprove, which is exactly why it's expensive.
Won't proof-of-work requirements scare away real customers? Keep the customer lane easy and put friction on unknown senders. People with real stakes clear small bars willingly. Mass generators don't, because effort per target breaks their economics.
Should a small startup run a bug bounty in 2026? Probably not without a triage plan. curl paid $100,000 over its program's life and still shut it down under slop load. A clear security contact with a proof-of-concept requirement gets you most of the benefit at a fraction of the cost.
What's the single first step to take this week? Pick your noisiest inbox, replace the bare email address with a structured form requiring specifics, and write down who triages it and how fast. One channel, one page, one owner.
Sources
- Curl won't accept security bug reports for a month: burned out by AI agents (Cybernews)
- curl: summer of bliss (Daniel Stenberg)
- Curl ending bug bounty program after flood of AI slop reports (BleepingComputer)
- Curl will not accept vulnerability reports during July 2026 (Hacker News discussion)
- GitHub overwhelmed as flood of vulnerability reports slows security fixes (Cybernews)
You just read the theory. Ready to build the thing?
Foundra is your AI co-founder. It turns an idea into a validated business plan, a go-to-market, and your first 10 customers. In an afternoon, not a semester.
3 day free trial. No credit card. Works in 20 languages.