AI guidelines (#3520)

Author: wargio

.github/PULL_REQUEST_TEMPLATE.md

@@ -4,11 +4,12 @@
 - [ ] I've read the [guidelines for contributing](https://cutter.re/docs/contributing/code/getting-started.html) to this repository
 - [ ] I made sure to follow the project's [coding style](https://cutter.re/docs/contributing/code/development-guidelines.html)
 - [ ] I've updated the [documentation](https://cutter.re/docs/user-docs.html) with the relevant information (if needed)
+- [ ] I've used AI tools to generate fully or partially these code changes and I'm sure the changes are not copyrighted by somebody else.
 
 
 **Detailed description**
 
-<!-- Explain the **details** for making this change. Is a new feature implemented? What existing problem does the pull request solve? How does the pull request solve these issues? Please provide enough information so that others can review your pull request. -->
+<!-- Explain the **details** for making this change. Is a new feature implemented? What existing problem does the pull request solve? How does the pull request solve these issues? Please provide enough information so that others can review your pull request. If you have used AI tools to generate these code changes, please disclose software used, model name. -->
 
 **Test plan (required)**
 

CONTRIBUTING.md

@@ -23,3 +23,19 @@ Check issues marked as "Documentation" on our issues [list](https://github.com/r
 ## Translations
 
 You can help Cutter by adding translations to the project! We use the [Crowdin](https://crowdin.com/project/cutter) platform to help us share translations. Feel free to contribute and add translations to the project. If you need to add a language, ask any rizinorg developer.
+
+## Usage of AI tools
+
+Following the widespread availability of large language models and generative AI, Rizin Organization has received a growing number of changes generated partially or entirely using such tools. Many of these are completely unusable in our codebase.
+While AI tools can help to draft changes, they must not replace human understanding and proper code modifications.
+
+If you use AI tools to help prepare a code change, you must:
+
+- **Disclose** which AI tools were used and specify what they were used for.
+- **Verify** that the code compiles, works and is not copyrighted by somebody else.
+- **Avoid** fabricated code, placeholder text, or references to non-existent code.
+
+Changes that appear to be unverified AI output will be closed without response.
+Repeated low-quality submissions may result in a ban.
+
+We align with similar policies adopted by other major open-source projects, which have described the flood of unverified AI-generated code changes as disruptive, counterproductive, and a drain on limited team resources.

SECURITY.md

@@ -21,3 +21,19 @@ If you have not received a reply to your email within 48 hours, or have not hear
 **Important:** Don't disclose any information regarding the issue itself in the public chats.
 
 Please note that the Cutter Security team isn't handling security issues on the rizin repository.
+
+## AI generated vulnerability reports 
+
+Following the widespread availability of large language models and generative AI, we have seen a number of security reports generated partially or entirely using such tools. Many of these contain inaccurate, misleading, or fictitious content.
+While AI tools can help draft or analyze reports, they must not replace human understanding and review.
+
+If you use AI tools to help prepare a report, you must:
+
+- **Disclose** which AI tools were used and specify what they were used for (analysis, writing the description, writing the exploit, etc).
+- **Verify** that the issue describes a real, reproducible vulnerability that otherwise meets these reporting guidelines.
+- **Avoid** fabricated code, placeholder text, or references to non-existent code.
+
+Reports that appear to be unverified AI output will be closed without response.
+Repeated low-quality submissions may result in a ban.
+
+For these reasons, we decided to align with similar policies adopted by other major open-source projects, which have described the flood of unverified AI-generated reports as disruptive, counterproductive, and a drain on limited security team resources.