Bug bounty businesses bombarded with AI slop
Bug bounty programs are facing challenges due to an influx of low-quality reports generated by AI tools. Companies like Bugcrowd and Curl have reported a significant increase in spurious submissions, leading some to suspend their programs. Cybersecurity experts suggest that while AI can aid in finding vulnerabilities, it also lowers the barrier for submissions, resulting in a flood of erroneous reports.
- Bug bounty businesses are overwhelmed with low-quality AI-generated reports.
- Curl suspended its bug bounty program due to an explosion of spurious submissions.
- Companies are implementing stricter checks and AI agents to manage the high volume of reports.
Opening excerpt (first ~120 words):
“Never-ending” AI slop strains corporate hacking reward schemes.
Jamie John, Financial Times – May 18, 2026 9:23 am
Companies that pay hackers to find flaws in their software are being inundated with low-quality reports generated by AI, forcing some to suspend the programs altogether.
Businesses that run “bug bounty” schemes have long relied on independent security researchers to spot vulnerabilities. But the rise of AI tools is now overwhelming them with spurious submissions.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Ars Technica.