The Actual News

Just the Facts, from multiple news sources.

Bug bounty businesses bombarded with AI slop

Summary

Companies that pay security researchers to find software problems are now receiving many low-quality reports created by AI tools. This surge has caused some businesses to pause their bug bounty programs while they find ways to handle the flood of false reports.

Key Facts

  • Bug bounty programs pay hackers to find security flaws in software.
  • AI tools have increased the number of bug reports, but many are incorrect or low-quality.
  • Bugcrowd reported that submissions more than quadrupled in March, and most of the new reports were false.
  • Curl and Nextcloud suspended their bug bounty programs due to too many poor AI-generated reports.
  • Both experienced and amateur researchers are affected by incorrect AI-generated bug findings.
  • Some companies are using AI tools themselves to sort through and validate the many submissions.
  • HackerOne reported a 76% increase in reports, but says that 25% of them still identify real vulnerabilities.
  • Experts believe AI will assist but not replace human creativity in finding software issues.

This is a fact-based summary from The Actual News.