Crypto protocols are grappling with a surge in bug bounty submissions, with reports indicating a 900% increase in volume compared to last year, averaging 20-50 submissions daily. This influx, attributed to the rise of artificial intelligence, has complicated the identification of legitimate threats, as many reports are of low quality or outright false positives.
Barry Plunkett, co-CEO of Cosmos Labs, noted that AI is transforming the operational landscape for bug bounty programs. He highlighted the necessity for tighter scoring methods to prioritize submissions from trusted researchers. Kadan Stadelmann, CTO of Komodo Platform, echoed these concerns, emphasizing that the decrease in reporting costs due to AI could be driving the increase in submissions.
In January, Daniel Stenberg, the creator of the widely used open-source tool curl, announced the cessation of his bug bounty program, citing the overwhelming amount of “AI slop” in vulnerability reports. This trend raises questions about the future effectiveness of bug bounty systems as they adapt to evolving technologies.