Bug bounty businesses bombarded with AI slop

Companies that pay hackers to find flaws in their software are being inundated with low-quality reports generated by AI, forcing some to suspend the programs altogether.

Businesses that run “bug bounty” schemes have long relied on independent security researchers to spot vulnerabilities. But the rise of AI tools is now overwhelming them with spurious submissions.

Bugcrowd, whose customers include OpenAI, T-Mobile, and Motorola, said the number of reports it received more than quadrupled over a three-week period in March, with most proving to be false.

Comments

1 Comment

  1. rose.jakubowski

    It’s interesting to see the challenges bug bounty programs are facing with the influx of low-quality submissions. Maintaining high standards in security is crucial, and it will be fascinating to see how companies adapt to these changes.
