
AI Sparks Bug-Bounty Surge in Crypto, but Low-Quality Reports Grow



Crypto security programs are rethinking vulnerability disclosure as AI tools flood bug bounty submissions across the industry. While bug bounties reward researchers for responsibly flagging flaws, the surge in AI-assisted reports is both an aid and a challenge—helping teams comb through code faster, but also increasing false positives and noise.


Industry voices say AI-assisted analysis is changing how programs must triage and verify findings, a shift with potential implications for developers, operators, and users of decentralized protocols.



Key takeaways



  • AI-enabled tooling is accelerating bug-bounty submissions, expanding both legitimate reports and noise that security teams must sort through.

  • Cosmos Labs reports a roughly 900% jump in submission volume, translating to about 20–50 reports per day and a mix of valid findings and false positives.

  • Leading researchers note rising low-quality submissions and AI-sourced noise, prompting calls for smarter triage and stricter reporting standards.

  • Industry data from HackerOne indicates 85,000 valid bounty submissions in 2025, up 7% from 2024, underscoring growing engagement in bug bounty programs.



AI-driven flood tests bug bounty programs


Barry Plunkett, co-CEO of Cosmos Labs, described a dramatic change in how bug bounty programs operate. “Our program has seen a 900% increase in submission volume from last year, on the order of 20–50 per day,” he said, noting that the influx encompasses both credible vulnerability reports and a significant amount of noise. The volume surge has pushed teams to deploy more stringent triage and verification workflows to separate real threats from false alarms.


Across other organizations, developers have reported a similar pattern. Kadan Stadelmann, CTO at Komodo Platform, told Cointelegraph that bug bounty submissions and payouts have risen notably, with a noticeable uptick in low-quality reports and false positives. He suggested that AI-driven tooling may be lowering the cost of producing vulnerability submissions, thereby fueling the higher throughput.



The phenomenon isn’t isolated to crypto software. In January, Daniel Stenberg, the creator of curl—a widely used open-source tool responsible for data transfers in many blockchain infrastructures—announced he would end his personal bug bounty program due to an overwhelming tide of “AI slop in vulnerability reports,” making it exhausting to sift through submissions.



HackerOne, one of the largest bug bounty platforms, also highlighted the broader trend, reporting that 85,000 valid bounty submissions were filed in 2025, up 7% from the previous year. The data underscores how AI-enabled automation is reshaping the volume and pace at which researchers engage with security programs.



AI could be both the cause and the solution


Cosmos Labs has begun adapting in response to the surge by tightening its scoring framework and prioritizing trusted researchers with proven track records. Plunkett said the team is collaborating with other bug bounty providers that offer more advanced triage capabilities, aiming to separate signal from noise more efficiently as volumes rise.


Stadelmann similarly underscored the potential of defensive AI to help teams withstand the deluge. “Blockchain teams will have to create AI deterrents to sift through incoming bug bounties. The smaller the team, the bigger the problem of increased bug bounties will become. Software engineers won't have the capacity to examine everything,” he cautioned. A defensive AI approach could automatically filter and rank reports, reducing the burden on human reviewers.


“This is where defensive AI systems to automatically sift through incoming bug bounties will be crucial. Teams dependent on bug bounties will need to develop stricter standards on their bug bounty programs as a means of lowering the number of incoming reports.”


Taken together, the episode highlights a central tension in bug bounty ecosystems: AI can amplify vigilance by widening the net for vulnerability discovery, but it can also swamp teams with untenable volumes of reports. The path forward appears to hinge on smarter triage tools, more rigorous reporter verification, and standardized quality controls across platforms.



What this means for developers and ecosystems


Bug bounty programs have long been a cornerstone of security for decentralized networks, offering a carrot for researchers to disclose flaws before attackers can exploit them. The current spike in AI-assisted submissions tests the sustainability of those programs, especially for teams with limited security staff. The emerging consensus among practitioners is that AI will be a necessary ally, but only if paired with robust triage protocols and tighter verification standards.


For builders and operators, the development suggests several practical shifts: invest in AI-enabled triage that can coarsely filter reports, cultivate a trusted researcher network to fast-track credible findings, and align with bounty providers that offer deeper automated review capabilities. These moves can help ensure that the bounty ecosystem remains a reliable line of defense rather than a flood of trivial or erroneous submissions.
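The three shifts above (coarse automated filtering, a fast track for trusted researchers, stricter evidence requirements) can be wired into the intake step of a program. The following is an added illustration written for this article, not code from Cosmos Labs, Komodo or any bounty platform; the field names, the reputation table and the thresholds are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Submission:
    reporter: str
    in_scope: bool            # affected asset is listed in the program scope
    has_repro_steps: bool     # numbered steps a triager can follow
    has_poc: bool             # working proof-of-concept attached
    claimed_severity: str     # "critical" | "high" | "medium" | "low"

# Constructed reporter history: (valid reports, rejected reports).
# In practice this would come from the program's own records.
REPUTATION = {"alice": (12, 1), "bob": (0, 6)}

def reputation_score(reporter: str) -> float:
    """Laplace-smoothed validity rate; unknown reporters get a neutral 0.5."""
    valid, invalid = REPUTATION.get(reporter, (0, 0))
    return (valid + 1) / (valid + invalid + 2)

def triage(sub: Submission) -> str:
    """Route a report before any human reads it in full."""
    if not sub.in_scope:                       # coarse filter: cheapest check first
        return "reject:out_of_scope"
    evidence = int(sub.has_repro_steps) + int(sub.has_poc)
    rep = reputation_score(sub.reporter)
    if rep >= 0.8 and evidence == 2:           # trusted researcher + full evidence
        return "fast_track"
    if evidence == 0:                          # stricter standard: no evidence, no review
        return "hold:needs_reproduction_steps"
    if rep < 0.3 and sub.claimed_severity in ("critical", "high"):
        return "manual_verify"                 # big claim from a weak track record
    return "standard_queue"

def triage_batch(subs: list) -> dict:
    """Group a day's submissions by route so reviewers see fast-track items first."""
    routes: dict = {}
    for s in subs:
        routes.setdefault(triage(s), []).append(s.reporter)
    return routes
```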



As the industry experiments with stronger screening and smarter automation, observers will want to watch for how quickly bug bounty platforms roll out standardized quality controls and how crypto projects adapt incentive structures to maintain high signal-to-noise ratios. The degree to which smaller teams can implement effective defensive AI and whether regulators begin to steer disclosure practices will shape the resilience of crypto security in the near term.



Readers should stay tuned for updates on AI-driven triage innovations, platform policy changes, and real-world outcomes from ongoing vulnerability disclosures across leading DeFi and non-DeFi protocols.



Looking ahead, the balance between rapid vulnerability discovery and manageable review workloads will determine how bug bounty programs influence security in an increasingly automated landscape. The next few quarters could define whether AI remains a force multiplier for defense or becomes a bottleneck that teams must outpace with smarter tooling and stricter reporting standards.



https://www.cryptobreaking.com/ai-sparks-bug-bounty-surge/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=AI%20Sparks%20Bug-Bounty%20Surge%20in%20Crypto,%20but%20Low-Quality%20Reports%20Grow%20
