AI is flooding bug bounty programs with fake reports, forcing companies like Nextcloud and HackerOne to suspend them. This surge in low-quality submissions strains security teams and impacts the effectiveness of these programs, despite significant payouts in the past.
Generative AI tools are overwhelming bug bounty programs with fake reports, forcing companies to suspend payouts and increasing workload for cybersecurity professionals. The influx of low-quality submissions is straining resources and prompting a shift towards stricter verification and defensive AI.
Bug bounty programs are struggling with a surge of low-quality reports generated by AI, leading some companies like Curl and Nextcloud to suspend their programs. While AI can help researchers find flaws faster, it has also lowered the barrier to entry, causing an influx of automated or erroneous submissions that are overwhelming security teams.
ZetaChain lost approximately $334,000 in a premeditated exploit on Sunday that targeted its cross-chain gateway contract. The vulnerability had been previously flagged through the protocol's bug bounty program but was dismissed as intended behavior. The attacker exploited three design flaws in combination: unrestricted cross-chain instructions, broad execution permissions with a narrow blocklist, and lingering unlimited spending approvals from previous gateway users. No user funds were affected. A patch disabling arbitrary call functionality is being deployed.
GitHub employees fixed a critical remote code execution vulnerability in less than six hours last month. Wiz Research used AI models to uncover a vulnerability in GitHub's internal git infrastructure that could have allowed attackers to access millions of public and private code repositories. "Our security team immediately began validating the bug bounty report. Within […]
OpenAI has launched a Bio Bug Bounty programme offering $25,000 to security researchers who can bypass GPT-5.5's biological safety guardrails. The programme, which opened applications on April 23, challenges participants to find a universal jailbreak prompt capable of getting the model to answer all five biosafety challenge questions without triggering moderation. Access is limited to Codex Desktop, and participants must be vetted and sign NDAs.
Crypto protocols are experiencing a massive influx of AI-generated bug bounty submissions, with Cosmos Labs reporting a 900% increase in volume. The surge, driven by AI tools that can sift through code but also hallucinate vulnerabilities, is straining teams and forcing some programs to adapt or shut down.
Crypto protocols are grappling with a surge in AI-generated bug bounty submissions, with Cosmos Labs reporting a 900% increase in volume to 20-50 per day. The influx of low-quality reports, including false positives from AI tools that hallucinate vulnerabilities, is straining security teams and prompting some programs to adapt their triage processes.
