Crypto protocols have reported a sharp rise in bogus bug bounty submissions attributed to increased AI use, complicating the identification of genuine threats. Bug bounties reward ethical hackers for reporting potential vulnerabilities, a practice prevalent in the crypto sector. While AI has enhanced the detection of bugs in extensive codebases, it has also led to inaccuracies and false positives.
According to Barry Plunkett, co-CEO of Cosmos Labs, there has been a 900% increase in bug bounty submissions from the previous year, with an average of 20 to 50 submissions daily. Plunkett noted this surge has resulted in a significant rise in both valid and invalid reports, further straining resources.
In January, Daniel Stenberg, creator of curl, faced a similar issue, announcing he would cease his bug bounty program due to overwhelming “AI slop in vulnerability reports.” HackerOne reported 85,000 valid submissions in 2025, a 7% increase from the prior year, indicating robust interest in bug bounty initiatives despite the challenges.
To adapt, Plunkett stated Cosmos Labs is enhancing its evaluation methods by focusing on submissions from trusted researchers and collaborating with advanced bug bounty providers for effective triage.
As the crypto community navigates this growing challenge, adapting bug bounty programs and incorporating AI could be essential in effectively managing the influx of reports.








