April 22, 2026

Crypto Companies Report Flood of AI-Pushed Bug Bounty Submissions


Crypto protocols have warned that a rise in AI use has led to a flood of bogus bug bounty submissions, putting pressure on teams trying to identify real threats to their protocols.

Bug bounties are a system to reward “good” hackers for submitting reports about potential vulnerabilities and are popular in the crypto industry. AI has now made it easier to sift through large amounts of code to find possible bugs, though AI is also known to hallucinate.

“AI is altering the way that bug bounty programs should function,” said Barry Plunkett, co-CEO of Cosmos Labs, on Tuesday, responding to a bug bounty hunter who accused the protocol of ignoring their vulnerability report.

Source: Barry Plunkett

“Our program has seen a 900% increase in submission volume from last year, on the order of 20-50 per day,” he said, adding that it’s led to a huge increase in both valid and invalid reports.

Kadan Stadelmann, a blockchain developer and chief technology officer at Komodo Platform, told Cointelegraph he has also seen a notable increase in bug bounty submissions and payouts across organizations.

“There has undoubtedly been a rise in low-quality bug bounty submissions, some of which have been false positives, probably suggesting AI sourcing. One potential explanation is that AI has caused a decrease in the cost to produce a report, resulting in an influx of submissions.”

In January, Daniel Stenberg, the creator of the open-source data transfer tool curl, which is used in many apps, including blockchain infrastructure, announced he was ending his bug bounty program because of an influx of “AI slop in vulnerability reports,” and said he was exhausted from sifting through them.

The creator of the open-source data transfer tool curl said he has received an influx of bug bounty submissions. Source: Daniel Stenberg

HackerOne, one of the largest bug bounty platforms in the world, reported in January that there were 85,000 valid bounty submissions in 2025, up 7% from the previous year.

AI might be both the cause and the solution

Plunkett said Cosmos Labs has already started to adapt its approach in response to the uptick in bug bounty submissions by tightening how it scores submissions, prioritizing trusted researchers with a proven track record and working with other bug bounty providers that offer more advanced triage.

Meanwhile, Stadelmann said bug bounty programs have proven integral to protecting decentralized systems, and adopting AI to help sift through the noise might be a solution.

“Blockchain teams should create AI deterrents to sift through incoming bug bounties. The smaller the team, the bigger the problem of increased bug bounties will become. Software engineers will not have the capacity to examine everything,” he said.

“This is where defensive AI systems to automatically sift through incoming bug bounties will be essential. Teams dependent on bug bounties will need to develop stricter standards on their bug bounty programs as a means of reducing the number of incoming reports.”
