What to Know
- 85,000 valid bug bounty submissions landed at HackerOne in 2025, up 7% year over year
- Cosmos Labs reports a 900% spike in submissions, hitting 20 to 50 reports per day
- curl founder Daniel Stenberg killed his entire bug bounty program in January, blaming AI generated garbage
Bug bounty programs across crypto are buckling under a wave of AI generated junk reports, and the people running them are running out of patience. HackerOne, one of the biggest bounty platforms on the planet, logged 85,000 valid submissions in 2025, a 7% bump from the year before. The valid ones are not the problem. The problem is everything else flooding the inbox alongside them.
Why Bug Bounty Programs Are Drowning in AI Slop
Crypto protocols built their security model on a simple trade. Pay ethical hackers a bounty, get vulnerability reports before the attackers find them, patch the hole. That trade still works. What broke is the ratio of signal to noise. Large language models can now scan a repo, invent a plausible sounding exploit, and spit out a polished report in under a minute. Most of those reports are nonsense. A lot of them look real enough to fool a triage engineer for the first thirty seconds.
That is where the term AI slop has landed. It describes the tidal wave of low quality AI content now clogging every open submission channel on the internet, and vulnerability disclosure programs have become one of its favorite targets. The incentive structure is brutal. A successful report can pay thousands of dollars. A failed report costs the submitter nothing. Bots win that math every time.
Barry Plunkett, co-CEO of Cosmos Labs, said the protocol’s program has seen a 900% jump in submission volume year over year. He put the daily intake at 20 to 50 reports, a number that would have been unthinkable for a single protocol team running its own bug bounty program two years ago.
AI is changing the way that bug bounty programs must operate.
What Did HackerOne Actually Report?
The 85,000 Number in Context
HackerOne reported 85,000 valid bounty submissions across its platform in 2025, up 7% on the year. That sounds healthy until you read the fine print. Valid submissions are the survivors, the reports that survived triage after teams threw out duplicates and hallucinations.
Platforms like HackerOne sit in a strange spot. Their business model rewards volume, because every submission is a potential customer interaction. Their customers, the companies paying bounties, want the opposite. They want fewer reports and higher quality. The AI wave has widened that gap into a canyon.
The answer so far has been to push more triage back onto the platforms themselves. Plunkett said Cosmos Labs is now tightening how it scores submissions, leaning on trusted researchers with a track record, and farming out advanced triage to third party providers. Smaller teams do not have that option.
The curl Moment Was the Warning Shot
In January, Daniel Stenberg, the developer behind the open source transfer tool curl, shut down his curl bug bounty program entirely. His reason was blunt. He was tired of wading through AI slop in vulnerability reports. curl is not some niche hobby project. It ships inside billions of devices, inside blockchain infrastructure, inside half the apps on your phone. When its maintainer says the bounty model is broken, the rest of the industry should probably listen.
Stenberg’s announcement became a rallying point for maintainers of other open source projects who had been quietly drowning in the same mess. A lot of them pay their bounties out of a shoestring budget. Every hour spent reading a hallucinated exploit is an hour not spent shipping real fixes. For a solo maintainer, that math kills the program.
Kadan Stadelmann, chief technology officer at Komodo Platform, said he has watched submissions and payouts climb across the organizations he works with. He was careful with his framing. More submissions does not automatically mean more real bugs caught. It means more triage cost, and not every team can absorb that cost.
Blockchain teams will have to build AI deterrents to sift through incoming bug bounty reports. The smaller the team, the bigger the problem of rising submission volume becomes.
How Crypto Teams Are Fighting Back
The playbook is still being written, but a pattern is forming. Protocols are turning to the same technology that caused the problem. If AI can write fake reports at scale, AI can also screen them at scale. The early experiments use language models as a first pass filter, flagging submissions that look hallucinated, duplicated, or factually impossible before a human ever sees them.
Cosmos Labs has gone further. Plunkett said the team is now weighing submissions against the submitter’s history, giving priority to researchers with past valid reports. Newcomers still get read, but they sit lower in the queue. That is a painful compromise. It probably means a few real first time researchers get their reports ignored. The alternative is a team burned out by noise before it can patch anything real.
- Reputation gating, prioritizing researchers with a track record of valid submissions
- AI triage, using language models to flag hallucinated or duplicate reports before human review
- Tiered payouts, reserving top bounties for exploits backed by a working proof of concept
- Third party triage, outsourcing first pass review to specialized security providers
- Program pauses, the nuclear option chosen by curl and likely coming to more small projects
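A minimal triage scorer that combines the first four levers above (reputation gating, a duplicate check, an impossible-claim check, and a proof-of-concept tier) into one queue. This is an added example written for this article, not code from Cosmos Labs, HackerOne or any triage provider; the repo symbols, researcher history, reports, weights and thresholds are all constructed assumptions.

```python
import re
from collections import namedtuple

# text = title plus body as submitted; has_poc = reproducible proof of concept attached
Report = namedtuple("Report", "rid researcher text has_poc")

def reputation(valid: int, invalid: int) -> float:
    # Smoothed valid-report rate: an unknown newcomer starts at 0.5, not at zero.
    return (valid + 1) / (valid + invalid + 2)

def fingerprint(text: str) -> frozenset:
    # Bag of distinctive tokens; catches lightly reworded resubmissions of known reports.
    return frozenset(re.findall(r"[a-z0-9_]{4,}", text.lower()))

def jaccard(a: frozenset, b: frozenset) -> float:
    return len(a & b) / len(a | b) if a or b else 0.0

def unknown_symbols(text: str, repo_symbols: set) -> list:
    # Backticked identifiers or paths the report cites that do not exist in the code base.
    return sorted({s for s in re.findall(r"`([^`]+)`", text) if s not in repo_symbols})

def triage(reports, history, known_fps, repo_symbols, dup_threshold=0.6):
    """Return [(rid, score, flags)] with the highest-priority report first."""
    ranked = []
    for r in reports:
        flags = []
        score = reputation(*history.get(r.researcher, (0, 0))) * (1.5 if r.has_poc else 1.0)
        if any(jaccard(fingerprint(r.text), k) >= dup_threshold for k in known_fps):
            flags.append("duplicate")
        missing = unknown_symbols(r.text, repo_symbols)
        if missing:
            flags.append("cites_unknown:" + ",".join(missing))
        if not r.has_poc:
            flags.append("no_poc")
        if "duplicate" in flags or missing:
            score *= 0.1  # sink it, but keep it visible so a human can still rescue it
        ranked.append((r.rid, round(score, 3), flags))
    return sorted(ranked, key=lambda t: -t[1])

# Constructed sample data: hypothetical repo symbols, researcher history and reports.
REPO = {"x/bank/keeper/send.go", "SendCoins", "ValidateBasic"}
HISTORY = {"alice": (12, 1)}  # (valid, invalid); bob and carol have no history yet
KNOWN = [fingerprint("Integer overflow in SendCoins amount validation allows minting tokens")]
REPORTS = [
    Report("R1", "alice", "Missing denom check in `SendCoins` (`x/bank/keeper/send.go`) lets zero-denom transfers through", True),
    Report("R2", "bob", "Critical RCE in `TransferTokens` via `x/bank/transfer.go`", False),
    Report("R3", "carol", "Integer overflow in SendCoins amount validation allows minting unlimited tokens", False),
]
def run():
    return triage(REPORTS, HISTORY, KNOWN, REPO)
```

Running `run()` puts the trusted, PoC-backed report first and sinks the report citing a file and function that do not exist alongside the reworded duplicate, while leaving both in the queue rather than silently dropping them.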
What Happens if This Trend Keeps Going?
The cynical read is that bounty programs as we know them are on borrowed time. If the noise keeps doubling every year, the only survivors will be the ones backed by large security teams or expensive platform contracts. Smaller protocols, the exact ones that arguably need bounty feedback the most, will quietly close their programs the way Stenberg did. That is bad for crypto. A lot of the high profile exploits of the last cycle were caught by independent researchers, not internal audits.
The optimistic read is that this is a painful transition, not a death. Every new submission channel on the internet has gone through a spam crisis at some point. Email survived. Search survived. App stores survived, mostly. Bounty programs will probably come out the other side with stricter gating, higher minimum quality bars, and more AI on the defense. The cost will be borne by the hobbyist reporter who no longer gets a free shot at a payout.
There is a third read that nobody wants to say out loud. If protocols start leaning heavily on AI triage to filter AI submissions, the entire pipeline becomes a machine talking to a machine, with human security engineers only stepping in at the very end. That might work. It might also mean the next big exploit gets filed, auto rejected, and sits in a spam folder until an attacker finds it first.
Frequently Asked Questions
What is AI slop in the context of bug bounty programs?
AI slop describes low quality, machine generated vulnerability reports that flood bug bounty inboxes. Large language models can produce plausible sounding exploit writeups in seconds, and many submitters send them hoping one lands a payout. Triage teams waste hours sorting real bugs from hallucinated ones.
How many valid submissions did HackerOne receive in 2025?
HackerOne logged 85,000 valid bounty submissions across its platform in 2025, a 7% increase over the prior year. That figure counts only reports that survived triage. The total raw intake, including junk and duplicate reports, is significantly higher but rarely published.
Why did the curl project end its bug bounty program?
Daniel Stenberg, creator of the widely used transfer tool curl, shut down his bug bounty program in January 2026. He said an influx of AI generated vulnerability reports had exhausted him. curl ships inside blockchain infrastructure, browsers, and billions of devices, making the decision a warning signal for other maintainers.
How are crypto protocols adapting to the bounty report surge?
Protocols like Cosmos Labs now prioritize trusted researchers with proven track records, tighten scoring rules, and work with third party triage providers. Some teams are deploying AI filters to screen submissions before human review, fighting AI generated noise with AI defenses built for the same purpose.
85k valid reports in a year is wild, but what’s the signal to noise ratio after triage? Would love to see HackerOne break down how many of those 85k were AI-generated slop vs actual human researchers finding real bugs in production contracts.
900% spike at Cosmos Labs tells you everything about where we’re headed. Bounty programs were already gamed by low effort dupes before GPT, now triagers are basically unpaid prompt reviewers.
Seen this movie before with the 2017 ICO audit flood