Crypto protocols have warned that a rise in AI use has led to a flood of bogus bug bounty submissions, putting pressure on teams trying to identify real threats to their protocols.
Bug bounties are a system to reward “good” hackers for submitting reports about potential vulnerabilities and are popular in the crypto industry. AI has now made it easier to sift through large quantities of code to find potential bugs, though AI is also known to hallucinate.
“AI is altering the way that bug bounty programs should function,” said Barry Plunkett, co-CEO of Cosmos Labs, on Tuesday, responding to a bug bounty hunter who accused the protocol of ignoring their vulnerability report.

“Our program has seen a 900% increase in submission volume from the last 12 months, on the order of 20-50 per day,” he said, adding that it has led to a huge increase in both valid and invalid reports.
Kadan Stadelmann, a blockchain developer and chief technology officer at Komodo Platform, told Cointelegraph he has also seen a notable increase in bug bounty submissions and payouts across organizations.
“There has undoubtedly been a rise in low-quality bug bounty submissions, some of which have been false positives, possibly suggesting AI sourcing. One potential explanation is that AI has brought about a decrease in the cost to produce a report, resulting in an influx of submissions.”
In January, Daniel Stenberg, the creator of the open-source data transfer tool curl, which is used in many apps, including blockchain infrastructure, announced he was ending his bug bounty program because of an influx of “AI slop in vulnerability reports,” and that he was exhausted from sifting through them.

HackerOne, one of the largest bug bounty platforms in the world, reported in January that there were 85,000 valid bounty submissions in 2025, up 7% from the previous year.
AI could be both the cause and the solution
Plunkett said Cosmos Labs has already started to adapt its approach to the uptick in bug bounty submissions by tightening how it scores submissions, prioritizing trusted researchers with a proven track record and working with other bug bounty providers that offer more advanced triage.
Meanwhile, Stadelmann said bug bounty programs have proven integral to protecting decentralized systems, and adopting AI to assist in sifting through the noise could be a solution.
“Blockchain teams must create AI deterrents to sift through incoming bug bounties. The smaller the team, the greater the problem of increased bug bounties will become. Software engineers will not have the capacity to examine everything,” he said.
“This is where defensive AI systems to automatically sift through incoming bug bounties will be crucial. Teams dependent on bug bounties will need to develop stricter standards on their bug bounty programs as a means of reducing the number of incoming reports.”