AI-Fueled Bug Bounty Boom Unleashes Hidden Risks Lurking Beneath the Surface
Ever wondered what happens when AI, that brilliant double-edged sword, crashes the party of crypto bug bounty programs? Well, buckle up — crypto protocols are swamped with a tidal wave of bug reports, many sounding alarms but turning out to be wild goose chases. AI, with its wizardry in scanning mountains of code, is now churning out bug submissions faster than ever — but here’s the twist: not all of them hold water. It’s like trying to find a needle in a haystack while the haystack keeps growing exponentially. The good news? Some smart folks in the industry are fighting back, tweaking their playbooks and even unleashing AI as a gatekeeper to sift the real risks from the noise. It’s a wild, messy evolution — and the question is, can AI save us from the AI storm it helped create? Dive into the chaos and the cunning solutions that are shaping the future of crypto security. LEARN MORE.
Crypto protocols have warned that an increase in AI use has led to a flood of bogus bug bounty submissions, putting a strain on teams trying to identify real threats to their protocols.
Bug bounties are a system to reward “good” hackers for submitting reports about potential vulnerabilities and are popular in the crypto industry. AI has now made it easier to sift through large amounts of code to find possible bugs, though AI is also known to hallucinate.
“AI is changing the way that bug bounty programs must operate,” said Barry Plunkett, co-CEO of Cosmos Labs, on Tuesday, responding to a bug bounty hunter who accused the protocol of ignoring their vulnerability report.
“Our program has seen a 900% increase in submission volume from last year, on the order of 20-50 per day,” he said, adding that it’s led to a huge increase in both valid and invalid reports.
Kadan Stadelmann, a blockchain developer and chief technology officer at Komodo Platform, told Cointelegraph he has also seen a notable increase in bug bounty submissions and payouts across organizations.
“There has definitely been an increase in low-quality bug bounty submissions, some of which have been false positives, potentially suggesting AI sourcing. One potential explanation is that AI has caused a decrease in the cost to produce a report, resulting in an influx of submissions.”
In January, Daniel Stenberg, the creator of the open-source data transfer tool curl, which is used in many apps, including blockchain infrastructure, announced he was ending his bug bounty program because of an influx of “AI slop in vulnerability reports,” and he was exhausted from sifting through them.
HackerOne, one of the largest bug bounty platforms in the world, reported in January that there were 85,000 valid bounty submissions in 2025, up 7% from the previous year.
AI could be both the cause and the solution
Plunkett said Cosmos Labs has already started to adapt its approach as a result of the uptick in bug bounty submissions by tightening how it scores submissions, prioritizing trusted researchers with a proven track record and working with other bug bounty providers that offer more advanced triage.
Meanwhile, Stadelmann said bug bounty programs have proven integral to defending decentralized systems, and adopting AI to assist in sifting through the noise could be a solution.
“Blockchain teams will have to create AI deterrents to sift through incoming bug bounties. The smaller the team, the bigger the problem of increased bug bounties will become. Software engineers won’t have the capacity to examine everything,” he said.
“This is where defensive AI systems to automatically sift through incoming bug bounties will be crucial. Teams dependent on bug bounties will need to develop stricter standards on their bug bounty programs as a means of lowering the number of incoming reports.”
Related: Crypto hackers stole $17B over past 10 years: DefiLlama
Post Comment