Bug bounty programs are being overwhelmed by a surge of low-quality AI-generated vulnerability reports, forcing some companies to suspend their programs. Security firms like Bugcrowd report a quadrupling of submissions, most of which are false positives, as generative AI tools lower the barrier to entry. While experienced researchers can use AI to find flaws more efficiently, the influx of automated and erroneous reports is straining resources and prompting a need for program restructuring.
Background
Bug bounty programs reward security researchers for finding and reporting software vulnerabilities, with major tech companies offering significant payouts for critical discoveries. The rise of generative AI tools has made it easier for both experts and amateurs to search for vulnerabilities, but has also led to an increase in automated and low-quality submissions.
- Source: Ars Technica
- Published: May 18, 2026 at 09:23 PM
- Score: 7.0 / 10