Bug bounty businesses bombarded with AI slop
Summary
Companies that pay security researchers to find software problems are now receiving many low-quality reports created by AI tools. This surge has caused some businesses to pause their bug bounty programs while they find ways to handle the flood of false reports.
Key Facts
- Bug bounty programs pay hackers to find security flaws in software.
- AI tools have increased the number of bug reports, but many are incorrect or low-quality.
- Bugcrowd reported that submissions more than quadrupled in March, mostly false.
- Curl and Nextcloud suspended their bug bounty programs due to too many poor AI-generated reports.
- Experienced and amateur researchers alike are affected by incorrect AI-generated bug findings.
- Some companies are using AI tools themselves to sort through and validate the many submissions.
- HackerOne reported a 76% increase in reports but says 25% still identify real vulnerabilities.
- Experts believe AI will assist but not replace human creativity in finding software issues.
This is a fact-based summary from The Actual News.