Crypto protocols have warned that a rise in AI use has led to a flood of bogus bug bounty submissions, placing a strain on teams trying to identify real threats to their protocols.
Bug bounties are a system to reward “good” hackers for submitting reports about potential vulnerabilities and are standard in the crypto industry. AI has now made it easier to sift through large quantities of code to find possible bugs, though AI is also known to hallucinate.
“AI is altering the way that bug bounty programs should function,” said Barry Plunkett, co-CEO of Cosmos Labs, on Tuesday, responding to a bug bounty hunter who accused the protocol of ignoring their vulnerability report.

“Our program has seen a 900% increase in submission volume from the last 12 months, on the order of 20-50 per day,” he said, adding that it’s led to an enormous increase in both valid and invalid reports.
Kadan Stadelmann, a blockchain developer and chief technology officer at Komodo Platform, told Cointelegraph he has also seen a notable increase in bug bounty submissions and payouts across organizations.
“There has definitely been a rise in low-quality bug bounty submissions, some of which have been false positives, probably suggesting AI sourcing. One potential explanation is that AI has prompted a decrease in the cost to produce a report, resulting in an influx of submissions.”
In January, Daniel Stenberg, the creator of the open-source data transfer tool curl, which is used in many apps, including blockchain infrastructure, announced he was ending his bug bounty program because of an influx of “AI slop in vulnerability reports,” and he was exhausted from sifting through them.

HackerOne, one of the largest bug bounty platforms in the world, reported in January that there were 85,000 valid bounty submissions in 2025, up 7% from the previous 12 months.
AI could be both the cause and the solution
Plunkett said Cosmos Labs has already started to adapt its approach because of the uptick in bug bounty submissions by tightening how it scores submissions, prioritizing trusted researchers with a proven track record and working with other bug bounty providers that offer more advanced triage.
Meanwhile, Stadelmann said bug bounty programs have proven integral to protecting decentralized systems, and adopting AI to assist in sifting through the noise could be a solution.
“Blockchain teams should create AI deterrents to sift through incoming bug bounties. The smaller the team, the larger the problem of increased bug bounties will become. Software engineers will not have the capacity to examine everything,” he said.
“This is where defensive AI systems to automatically sift through incoming bug bounties might be essential. Teams dependent on bug bounties might want to develop stricter requirements on their bug bounty programs as a means of reducing the number of incoming reports.”
