AI becomes a bug hunter… with mixed results
Bug bounty platforms are experiencing a boom period. HackerOne, one of the largest ecosystems for security vulnerability rewards, registered 85,000 valid submissions in 2025, a 7% increase from the previous year. Good news for cybersecurity? Not quite.
Behind this growth lies a more nuanced reality: artificial intelligence has revolutionized how security researchers hunt for vulnerabilities. AI models can now scan code at breakneck speed, identify suspicious patterns, and automatically generate reports. The catch? They’re also generating tons of false positives and “sloppy reports.”
Separating the wheat from the chaff
This volume increase masks a growing problem: submission quality is deteriorating. Moderation teams on these platforms now have to sort through genuine, relevant bugs and what the industry now calls “slop”—those hastily compiled reports mass-generated by AI tools without proper human verification.
It’s a bit like giving millions of detectives an automated magnifying glass, except many of them are pointing at every shadow on the wall screaming “Bug found!”
A challenge for the ecosystem
This situation creates several concrete challenges. First, developers are overwhelmed with notifications. Second, security experts spending time analyzing irrelevant reports waste valuable resources. Finally, it dilutes the real impact of genuine security discoveries.
Platforms like HackerOne must now refine their validation systems to distinguish legitimate contributions from unsupervised AI-generated ones. It’s a balancing act: encourage innovation and automation without letting the system get clogged with digital garbage.
Looking ahead
The crypto ecosystem remains particularly vulnerable to security flaws—coding errors can cost millions instantly. An increase in bug reports is theoretically encouraging. However, the community needs to develop stricter standards to ensure AI remains a helpful tool, not a noise generator.