
AI Sparks Bug-Bounty Surge in Crypto, but Low-Quality Reports Grow



Crypto security programs are rethinking vulnerability disclosure as AI tools flood bug bounty submissions across the industry. While bug bounties reward researchers for responsibly flagging flaws, the surge in AI-assisted reports is both an aid and a challenge—helping teams comb through code faster, but also increasing false positives and noise.


Industry voices say AI-assisted analysis is changing how programs must triage and verify findings, a shift with potential implications for developers, operators, and users of decentralized protocols.



Key takeaways



  • AI-enabled tooling is accelerating bug-bounty submissions, expanding both legitimate reports and noise that security teams must sort through.

  • Cosmos Labs reports a roughly 900% jump in submission volume, translating to about 20–50 reports per day and a mix of valid findings and false positives.

  • Leading researchers note rising low-quality submissions and AI-sourced noise, prompting calls for smarter triage and stricter reporting standards.

  • Industry data from HackerOne indicates 85,000 valid bounty submissions in 2025, up 7% from 2024, underscoring growing engagement in bug bounty programs.



AI-driven flood tests bug bounty programs


Co-CEO Barry Plunkett of Cosmos Labs described a dramatic change in how bug bounty programs operate. “Our program has seen a 900% increase in submission volume from last year, on the order of 20–50 per day,” he said, noting that the influx encompasses both credible vulnerability reports and a significant amount of noise. The volume surge has pushed teams to deploy more stringent triage and verification workflows to separate real threats from false alarms.


Across other organizations, developers have reported a similar pattern. Kadan Stadelmann, CTO at Komodo Platform, told Cointelegraph that bug bounty submissions and payouts have risen notably, with a noticeable uptick in low-quality reports and false positives. He suggested that AI-driven tooling may be lowering the cost of producing vulnerability submissions, thereby fueling the higher throughput.



The phenomenon isn’t isolated to crypto software. In January, Daniel Stenberg, the creator of curl—a widely used open-source tool responsible for data transfers in many blockchain infrastructures—announced he would end his personal bug bounty program due to an overwhelming tide of “AI slop in vulnerability reports,” making it exhausting to sift through submissions.



HackerOne, one of the largest bug bounty platforms, also highlighted the broader trend, reporting that 85,000 valid bounty submissions were filed in 2025, up 7% from the previous year. The data underscores how AI-enabled automation is reshaping the volume and pace at which researchers engage with security programs.



AI could be both the cause and the solution


Cosmos Labs has begun adapting in response to the surge by tightening its scoring framework and prioritizing trusted researchers with proven track records. Plunkett said the team is collaborating with other bug bounty providers that offer more advanced triage capabilities, aiming to separate signal from noise more efficiently as volumes rise.


Stadelmann similarly underscored the potential of defensive AI to help teams withstand the deluge. “Blockchain teams will have to create AI deterrents to sift through incoming bug bounties. The smaller the team, the bigger the problem of increased bug bounties will become. Software engineers won't have the capacity to examine everything,” he cautioned. A defensive AI approach could automatically filter and rank reports, reducing the burden on human reviewers.


“This is where defensive AI systems to automatically sift through incoming bug bounties will be crucial. Teams dependent on bug bounties will need to develop stricter standards on their bug bounty programs as a means of lowering the number of incoming reports.”


Taken together, the episode highlights a central tension in bug bounty ecosystems: AI can amplify vigilance by widening the net for vulnerability discovery, but it can also swamp teams with untenable volumes of reports. The path forward appears to hinge on smarter triage tools, more rigorous reporter verification, and standardized quality controls across platforms.



What this means for developers and ecosystems


Bug bounty programs have long been a cornerstone of security for decentralized networks, offering a carrot for researchers to disclose flaws before attackers can exploit them. The current spike in AI-assisted submissions tests the sustainability of those programs, especially for teams with limited security staff. The emerging consensus among practitioners is that AI will be a necessary ally, but only if paired with robust triage protocols and tighter verification standards.


For builders and operators, the development suggests several practical shifts: invest in AI-enabled triage that can coarsely filter reports, cultivate a trusted researcher network to fast-track credible findings, and align with bounty providers that offer deeper automated review capabilities. These moves can help ensure that the bounty ecosystem remains a reliable line of defense rather than a flood of trivial or erroneous submissions.
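The triage measures described above (a scoring framework, fast-tracking reporters with a proven track record, and automated filtering that parks noise before a human looks at it) can be sketched in a few dozen lines. The following is an added illustration written for this page; it is not Cosmos Labs', Komodo's or HackerOne's code, and every reporter name, report, module path and threshold in it is constructed for the example. It scores each submission on reporter credibility and report completeness, collapses near-duplicate titles against the same component, and sorts the result into review queues.

```python
"""Illustrative bug-bounty triage scorer (added example, not the code of any
program named in the article). Reports are ranked by reporter track record
and how actionable they are; later duplicates of an already-seen submission
are parked rather than re-reviewed. All data below is constructed."""
from dataclasses import dataclass, field
import hashlib
import re


@dataclass
class Report:
    report_id: str
    reporter: str
    component: str          # affected module, e.g. "x/bank" (constructed)
    title: str
    body: str
    claimed_severity: str   # "low" | "medium" | "high" | "critical"
    has_poc: bool           # a reproducible PoC (test, tx or script) is attached


@dataclass
class TriageResult:
    report_id: str
    score: float
    queue: str              # "fast-track" | "standard" | "needs-info" | "duplicate"
    reasons: list = field(default_factory=list)


# Constructed reputation table: reporter -> (valid reports, invalid reports)
REPUTATION = {
    "alice": (12, 1),
    "bob": (0, 7),
}


def reporter_credibility(reporter):
    """Laplace-smoothed hit rate in [0, 1]; an unknown reporter starts at 0.5."""
    valid, invalid = REPUTATION.get(reporter, (0, 0))
    return (valid + 1) / (valid + invalid + 2)


def fingerprint(report):
    """Stable fingerprint for duplicate detection: the component plus the
    sorted, lower-cased word set of the title (a deliberately simple bag-of-words)."""
    words = sorted(set(re.findall(r"[a-z0-9]+", report.title.lower())))
    raw = report.component.lower() + "|" + " ".join(words)
    return hashlib.sha256(raw.encode()).hexdigest()


_REPRO_MARKERS = re.compile(r"\b(steps? to reproduce|repro(duction)?|proof of concept|poc)\b", re.I)
_CODE_REF = re.compile(r"\b[\w/]+\.(go|rs|sol|py|ts)\b|\b\w+\(\)")


def completeness(report):
    """Score 0..1 for how actionable the report is, plus the reasons it lost points."""
    score, reasons = 0.0, []
    if report.has_poc:
        score += 0.5
    else:
        reasons.append("no PoC attached")
    if _REPRO_MARKERS.search(report.body):
        score += 0.25
    else:
        reasons.append("no reproduction steps")
    if _CODE_REF.search(report.body):
        score += 0.25
    else:
        reasons.append("no concrete code reference")
    if report.claimed_severity == "critical" and not report.has_poc:
        reasons.append("critical claim without PoC")
    return score, reasons


def triage(reports):
    """Score every report, park duplicates, and return results best-first."""
    seen, results = {}, []
    for r in reports:
        fp = fingerprint(r)
        if fp in seen:
            results.append(TriageResult(r.report_id, 0.0, "duplicate",
                                        [f"duplicate of {seen[fp]}"]))
            continue
        seen[fp] = r.report_id
        cred = reporter_credibility(r.reporter)
        comp, reasons = completeness(r)
        score = round(0.4 * cred + 0.6 * comp, 3)   # weights are constructed
        if score >= 0.7:
            queue = "fast-track"
        elif comp >= 0.5:
            queue = "standard"
        else:
            queue = "needs-info"
        results.append(TriageResult(r.report_id, score, queue, reasons))
    return sorted(results, key=lambda t: t.score, reverse=True)


# Constructed sample submissions: one solid report, a reworded duplicate of it,
# and a vague critical claim from an unknown reporter.
SAMPLE_REPORTS = [
    Report("R1", "alice", "x/bank", "Integer overflow in coin multiplication",
           "Steps to reproduce: call MulInt() in types/coin.go with ...", "high", True),
    Report("R2", "bob", "x/bank", "Overflow integer multiplication coin in",
           "I believe there may be an overflow somewhere.", "critical", False),
    Report("R3", "carol", "x/gov", "Possible reentrancy",
           "The contract might be vulnerable to reentrancy.", "critical", False),
]

if __name__ == "__main__":
    for t in triage(SAMPLE_REPORTS):
        print(t.report_id, t.score, t.queue, t.reasons)
```

On the constructed input, R1 lands in the fast-track queue with no deductions, R2 is parked as a duplicate of R1 without consuming reviewer time, and R3 is sent back for more information with the critical-without-PoC flag raised. The weights, the bag-of-words fingerprint and the regex completeness checks are placeholders for whatever a program's real scoring framework uses; the structure (credibility times completeness, duplicate suppression before review, queues instead of a single inbox) is the point.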



As the industry experiments with stronger screening and smarter automation, observers will want to watch for how quickly bug bounty platforms roll out standardized quality controls and how crypto projects adapt incentive structures to maintain high signal-to-noise ratios. The degree to which smaller teams can implement effective defensive AI and whether regulators begin to steer disclosure practices will shape the resilience of crypto security in the near term.



Readers should stay tuned for updates on AI-driven triage innovations, platform policy changes, and real-world outcomes from ongoing vulnerability disclosures across leading DeFi and non-DeFi protocols.



Looking ahead, the balance between rapid vulnerability discovery and manageable review workloads will determine how bug bounty programs influence security in an increasingly automated landscape. The next few quarters could define whether AI remains a force multiplier for defense or becomes a bottleneck that teams must outpace with smarter tooling and stricter reporting standards.



https://www.cryptobreaking.com/ai-sparks-bug-bounty-surge/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=AI%20Sparks%20Bug-Bounty%20Surge%20in%20Crypto,%20but%20Low-Quality%20Reports%20Grow%20
