AI-Driven Bug Bounty Boom Brings Surge in Reports and Rising ‘AI Slop’ Concerns

Artificial intelligence is rapidly changing bug bounty programs, leading to a sharp rise in vulnerability submissions across crypto and blockchain projects. Bug bounties reward ethical hackers for identifying security flaws, and AI tools now allow researchers to scan large volumes of code more quickly. According to HackerOne, one of the world’s largest bug bounty platforms, there were 85,000 valid bounty submissions in 2025, representing a 7% increase compared with the previous year.

Barry Plunkett, co-chief executive of Cosmos Labs, said AI is transforming how bounty programs operate. He reported his organization experienced a 900% increase in submissions, receiving roughly 20 to 50 reports daily. While this growth has produced more valid discoveries, it has also created a significant rise in invalid and repetitive reports.

Experts Warn About False Positives and Growing Workloads

Kadan Stadelmann, chief technology officer at Komodo Platform, noted a noticeable rise in low-quality submissions, including false positives that may be linked to AI-generated reports. He suggested AI has lowered the cost and effort needed to produce vulnerability claims, leading to an influx of questionable entries.

In January, Daniel Stenberg, creator of the open-source data transfer tool curl, announced he ended his bug bounty program after becoming overwhelmed by what he described as “AI slop” in vulnerability reports.

Defensive AI and Tighter Screening Seen as Future Solutions

Despite the challenges, experts believe AI could also provide solutions. Plunkett said Cosmos Labs has tightened scoring systems, prioritized trusted researchers, and partnered with advanced triage providers. Stadelmann added that defensive AI systems capable of automatically reviewing incoming submissions will become essential, especially for smaller teams with limited capacity to manually verify large volumes of reports.

Disclaimer

This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.