AI flood overwhelms crypto bug bounties, teams tighten triage
AI-generated reports have surged in crypto bug bounties; Cosmos Labs reports a 900% jump to 20–50 submissions daily, prompting stricter triage and prioritization of trusted researchers.
Crypto protocols are seeing a large increase in AI-generated bug bounty reports, which brings more low-quality submissions and more work for triage teams. Cosmos Labs reported a 900% year-over-year rise in submission volume to about 20–50 reports per day. The increase includes both valid vulnerability reports and a high number of false positives.
Barry Plunkett, co-CEO of Cosmos Labs, responded to a bug hunter inquiry with the comment, ‘AI is changing the way that bug bounty programs must operate.’ He said the program has tightened its scoring criteria and now prioritizes researchers with documented track records, and that Cosmos Labs is working with external triage providers to filter incoming reports.
Kadan Stadelmann, chief technology officer at Komodo Platform, reported higher submission volumes and more payouts across projects and noted an uptick in low-quality and false-positive reports that appear to be AI-generated. He suggested the lower cost of producing reports with AI is encouraging mass submissions.
Daniel Stenberg, creator of the open-source curl tool, announced in January that he would end his public bug bounty program, citing an influx of ‘AI slop’ and exhaustion from reviewing low-quality reports.
Platform data shows an increase in valid reports as well. HackerOne recorded 85,000 valid bounty submissions in 2025, up about 7% from the prior year, indicating more legitimate findings are being reported alongside higher overall volume.
Teams are changing how they handle reports. Measures include stricter submission standards, higher thresholds for payout, vetting researchers with proven histories, and developing automated filters. Some security leads recommend using defensive AI to pre-screen reports, flag false positives and route higher-risk findings for human review.
Smaller engineering teams face greater strain because they lack the capacity to manually review large numbers of reports. The trend is prompting protocols to adopt more advanced triage tools and to refine program rules to reduce low-quality submissions.