Guavy AI Editorial Team

AI-fueled surge in bug bounty reports sparks concerns over 'slop'

The crypto industry is facing a new challenge as the use of Artificial Intelligence (AI) in bug bounty programs surges. Bug bounty hunters are reporting a significant increase in submissions, but also an increase in 'slop' or false positives.

According to Barry Plunkett, co-CEO of Cosmos Labs, their program has seen a 900% increase in submission volume from last year, with an average of 20-50 reports per day. This has led to a huge increase in both valid and invalid reports, making it challenging for teams to identify real threats.

Kadan Stadelmann, a blockchain developer and chief technology officer at Komodo Platform, agrees that there has been an increase in low-quality bug bounty submissions, some of which have been false positives. He suggests that AI may be the cause, as it can decrease the cost to produce a report, resulting in an influx of submissions.

Some organizations are adopting defensive AI systems to automatically sift through incoming bug bounty submissions and identify real threats. These systems can help prioritize trusted researchers with a proven track record and reduce the workload for teams.