The bug bounty landscape is shifting dramatically in 2026.
AI-generated reports are literally flooding programs - some platforms report up to 70% of submissions are now AI "slop." The curl project even shut down their program to stop it. Unbelievable.
This isn't just noise. It's a fundamental challenge to the model:
- triagers are overwhelmed
- legitimate researchers compete with AI
- signal-to-noise ratio is collapsing
1/2
What we're seeing isn't just growing pains - it's perhaps a signal that the model needs soem changes I think.
But how to adapt? Certainly the answer isn't AI vs. humans. It's AI + humans. But too many wannabe hunters without real skills are using AI to find potential bugs they report without validating them and most often without even understanding them.
I think that addressing this huge issue is going to be the biggest challenge for bug bounty programs and platforms in the AI era.
2/2
Vito Botta