AI flood drives surge in bogus crypto bug bounty reports

2026-04-22 · Source: Dataconomy · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Blockchain & Distributed Ledger Technology · Depth: Intermediate, quick

Summary

Crypto protocols are facing a significant increase in bogus bug bounty submissions, largely attributed to the expanded use of AI tools by ethical hackers. This surge complicates the identification of genuine security vulnerabilities, despite AI's capability to scan extensive codebases. Cosmos Labs' co-CEO, Barry Plunkett, reported a 900% increase in submissions, averaging 20 to 50 daily, leading to a rise in both valid and invalid reports. Daniel Stenberg, creator of curl, terminated his bug bounty program in January due to overwhelming "AI slop." HackerOne noted 85,000 valid submissions in 2025, a 7% year-over-year increase. In response, Cosmos Labs is adjusting its strategy by tightening submission scoring and prioritizing trusted researchers.

Key takeaway

For CTOs and VP of Engineering managing security for crypto protocols, the influx of AI-generated bug reports demands immediate attention to your bug bounty program's structure. You should evaluate implementing more stringent submission scoring and consider prioritizing reports from a curated list of trusted researchers to reduce time spent sifting through invalid submissions and ensure critical vulnerabilities are identified efficiently.

Key insights

AI-driven bug bounty submissions are overwhelming crypto protocols, necessitating refined triage and trusted researcher prioritization.

Principles

• AI increases submission volume and noise.
• Trust-based filtering enhances signal-to-noise ratio.

Method

Cosmos Labs is tightening submission scoring and prioritizing reports from trusted researchers to manage the influx of AI-generated submissions.

In practice

• Implement stricter submission criteria.
• Develop a trusted researcher program.

Topics

• Crypto Protocols
• Bug Bounties
• Artificial Intelligence
• Vulnerability Reports
• Cosmos Labs

Best for: CTO, VP of Engineering/Data, MLOps Engineer, AI Security Engineer, Director of AI/ML

Related on AIssential

• Bug bounty businesses bombarded with AI slop — AI tools are overwhelming bug bounty programs with low-quality reports, necessitating program adaptation and AI-driven triage.
• Adversaries have under-protected APIs in their sights — AI accelerates cyberattacks, making APIs a prime target due to their access to sensitive backend data.
• The Pulse #161: open source projects overwhelmed by AI-generated security reports — AI's rapid integration is reshaping software development, security, and the tech job market.
• Introducing the OpenAI Safety Bug Bounty program — OpenAI's new bug bounty targets AI-specific abuse and safety risks beyond traditional security vulnerabilities.
• Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program — Bug bounty programs are adapting to AI-driven volume by prioritizing validated, high-impact submissions and clarifying shared security responsibilities.
• Google Bug Hunter Claims $500K From AI-Assisted Vulnerability Pipeline — AI-assisted tools can significantly amplify vulnerability discovery, particularly for widespread API exposure.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Dataconomy.