The integration of AI into bug bounty programs is reshaping the landscape of cybersecurity, particularly within the crypto sector. According to HackerOne, a leading bug bounty platform, there were 85,000 valid bounty submissions in 2025, marking a 7% increase from the previous year.
Surge in Submissions
Crypto protocols are experiencing a notable influx of bug bounty submissions, driven largely by AI’s ability to analyze extensive codebases for vulnerabilities. However, this surge has also led to an increase in bogus submissions, complicating the task of identifying genuine threats. Barry Plunkett, co-CEO of Cosmos Labs, reported a staggering 900% rise in submission volume, averaging 20-50 reports daily. This spike has resulted in a mix of valid and invalid reports.
Quality Concerns
Experts like Kadan Stadelmann, CTO of Komodo Platform, have noted a rise in low-quality submissions, some of which may be attributed to AI-generated false positives. This trend suggests that while AI reduces the cost of generating reports, it simultaneously dilutes the quality of submissions. Daniel Stenberg, the creator of the open-source tool curl, has even ceased his bug bounty program due to the overwhelming volume of what he termed “AI slop” in vulnerability reports.
Adapting to New Challenges
In response to the challenges posed by the influx of submissions, Cosmos Labs is adjusting its bug bounty program. Plunkett indicated that they are tightening their scoring criteria, focusing on submissions from trusted researchers with established track records. This strategic shift aims to enhance the quality of incoming reports.
Future Solutions
As the bug bounty landscape evolves, the implementation of defensive AI systems may become essential. Stadelmann emphasized that smaller teams could struggle to manage the volume of reports, necessitating automated solutions to filter through submissions effectively. Establishing stricter standards for bug bounty programs will also be crucial in managing the quality and quantity of incoming reports.
The intersection of AI and bug bounty programs presents both opportunities and challenges, compelling organizations to rethink their strategies in vulnerability management.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








