AI-fueled surge in bug bounty submissions challenges crypto teams
The rise in bug bounty submissions in the crypto space is largely attributed to the growing adoption of artificial intelligence tools. These tools let researchers scan code and draft reports with ease, resulting in a significant increase in submissions. According to Barry Plunkett, co-CEO of Cosmos Labs, the company's bug bounty program has seen a 900% jump in submission volume over the past year, with an average of 20-50 submissions per day. This surge includes both valid and invalid reports, creating more work for teams trying to separate real issues from weak claims.
Some researchers argue that AI may have lowered the cost and effort required to produce a report, leading to more submissions. Kadan Stadelmann, chief technology officer at Komodo Platform, noted that there has been an increase in low-quality bug bounty submissions, some of which may be false positives generated by AI.
While AI tools can help researchers review large amounts of code and point to possible vulnerabilities more quickly, they also generate inaccurate results. This adds pressure on developers and security staff who must review each claim. To mitigate this issue, some teams are implementing stricter review standards and exploring the use of defensive AI systems.




