Crypto protocols warn that growing AI usage has produced a surge of low-quality and bogus bug bounty reports, straining teams that must separate real vulnerabilities from noise. Bug bounty programs reward researchers who disclose potential security flaws and are widely used across the crypto industry. While AI can speed the scanning of large codebases for possible issues, it is also prone to hallucinations that generate false positives.
Barry Plunkett, co-CEO of Cosmos Labs, said the protocol’s program has seen about a 900% rise in submission volume year-over-year, now receiving roughly 20–50 reports per day. That increase has produced many more valid reports but also many invalid ones, creating a heavy triage burden.
Kadan Stadelmann, CTO at Komodo Platform, confirmed a notable uptick in submissions and payouts across organizations. He noted an observable rise in low-quality reports and false positives that may indicate AI-assisted sourcing. “AI has caused a decrease in the cost to produce a report, resulting in an influx of submissions,” he said.
In January, Daniel Stenberg, creator of curl, announced he was ending his bug bounty program after becoming overwhelmed by an influx of “AI slop in vulnerability reports,” leaving him exhausted from filtering them.
Large platforms have also documented growth in valid submissions: HackerOne reported 85,000 valid bounty submissions in 2025, a 7% increase over the prior year.
AI may be both the driver of the problem and part of the solution. Cosmos Labs has adjusted its process by tightening scoring criteria, prioritizing trusted researchers with proven track records, and partnering with bounty providers that offer more advanced triage services.
Stadelmann argued that defensive AI tools will be essential for teams to manage the increased volume. Smaller teams are hit hardest because their engineers lack the bandwidth to evaluate every report by hand. He recommended building AI-based deterrents and stricter submission standards into bounty programs to discourage low-quality reports and to automate the initial filtering.
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy https://cointelegraph.com/editorial-policy