Companies paying hackers to find software flaws are drowning in low-quality reports from AI tools, forcing some to pause their programs.
Bugcrowd reported a quadrupling of reports over three weeks, with most being false. Tools like Curl have suspended their bounty schemes due to an 'explosion' of erroneous submissions.
Cybersecurity experts say advances in generative AI are changing the economics of bug bounties, making it quicker for experienced researchers but also lowering the barrier to entry.
The surge in poor-quality reports is a “major problem,” according to Ross McKerchar. He predicts that while bug bounties will continue, they’ll need to adapt to manage AI-generated noise.
Bug bounty programs have grown in popularity since the early 2000s, with payouts reaching six figures for significant discoveries. Google disbursed $17 million last year, up from $7.5 million in 2021.