Crypto protocols have warned that a rise in AI use has led to a flood of bogus bug bounty submissions, putting a strain on teams trying to identify actual threats to their protocols.
Bug bounties are a system to reward “good” hackers for submitting reports about potential vulnerabilities and are widespread in the crypto industry. AI has now made it easier to sift through large quantities of code to find possible bugs, though AI is also known to hallucinate.
“AI is altering the way that bug bounty programs should function,” said Barry Plunkett, co-CEO of Cosmos Labs, on Tuesday, responding to a bug bounty hunter who accused the protocol of ignoring their vulnerability report.
“Our program has seen a 900% increase in submission quantity from last year, on the order of 20-50 per day,” he said, adding that it has led to a large increase in both valid and invalid reports.
Kadan Stadelmann, a blockchain developer and chief technology officer at Komodo Platform, told Cointelegraph he has also seen a notable increase in bug bounty submissions and payouts across organizations.
“There has undoubtedly been a rise in low-quality bug bounty submissions, a few of which have been false positives, doubtlessly suggesting AI sourcing. One potential explanation is that AI has induced a decrease in the cost to produce a report, leading to an inflow of submissions.”
In January, Daniel Stenberg, the creator of the open-source data transfer tool curl, which is used in many apps, including blockchain infrastructure, announced he was ending his bug bounty program because of an influx of “AI slop in vulnerability reports,” and that he was exhausted from sifting through them.

HackerOne, one of the largest bug bounty platforms in the world, reported in January that there were 85,000 valid bounty submissions in 2025, up 7% from the previous year.
AI could be both the cause and the solution
Plunkett said Cosmos Labs has already started to adapt its approach in response to the uptick in bug bounty submissions by tightening how it scores submissions, prioritizing trusted researchers with a proven track record and working with other bug bounty providers that offer more advanced triage.
Meanwhile, Stadelmann said bug bounty programs have proven integral to protecting decentralized systems, and adopting AI to help sift through the noise could be a solution.
“Blockchain teams must create AI deterrents to sift through incoming bug bounties. The smaller the team, the larger the issue of increased bug bounties will become. Software engineers will not have the capacity to examine everything,” he said.
“That is where defensive AI systems to automatically sift through incoming bug bounties will be essential. Teams dependent on bug bounties will need to develop stricter standards for their bug bounty programs as a way of reducing the number of incoming reports.”
