zlacker

>>xmrcat+(OP)
The first thing I have to point out is that this entire article is clearly LLM-generated from start to finish.

The second thing I have to point out is that bug bounty programs are inundated with garbage from people who don't know anything about programming and just blindly trust whatever the LLM says. We even have the 'author' reproducing this blind reinforcement in the article: "Tested Jan 2026. Confirmed working."

The third thing I have to point out is that the response from Valve is not actually shown. We, the reader, are treated to an LLM-generated paraphrasal of something they may or may not have actually said.

Is it possible this issue is real and that Valve responded the way they did? Perhaps, but the article alone leaves me extremely skeptical based on past experiences with LLM-generated bug bounty reports.

>>anonym+96
here you go https://i.ibb.co/39GRMySs/png.png

>>xmrcat+89
Do I misunderstand that to be HackerOne staff - not Valve staff - marking it as "not a security vulnerability" - not "won't fix"?

>>gpm+n9
No, you are correct, that is a HackerOne employee filtering the report before someone at Valve looks at it, a lot of companies have this set up and it's not great.

I would be surprised if responsible Valve staff would agree that this is not something they should fix at some point.

>>meibo+7a
It's still on Valve though. They chose to delegate this and H1 basically becomes their voice here. I wish it was made more clear, but I don't think it's wrong.