Bug bounty businesses bombarded with AI slop
Ars Technica AI · Jamie John, Financial Times · 2026-05-18
AI-generated low-quality vulnerability reports are overwhelming bug bounty programs, with Bugcrowd seeing a fourfold submission spike over three weeks in March and some companies suspending their programs entirely.
Extraction
Topics: bug-bountyai-misusecybersecurityai-slop
Claims
- Bug bounty programs are being flooded with AI-generated false or low-quality vulnerability reports.
- Bugcrowd reported that submissions more than quadrupled over a three-week period in March 2026, with most proving to be false.
- Some companies have suspended bug bounty programs entirely due to the volume of AI-generated noise.
Key quotes
the number of reports it received more than quadrupled over a three-week period in March, with most proving to be false.