AI slop floods bug bounty programs - forcing some to shut down

Bug bounty programs are being overwhelmed by a surge of low‑quality, AI‑generated vulnerability reports, forcing some companies to pause payouts entirely. Platforms like Bugcrowd and HackerOne report massive spikes in submissions—most of them false or meaningless—driven by amateurs using AI tools and by automated “end‑to‑end” scanning bots. Curl and Nextcloud have already suspended their programs due to the “never‑ending slop.” While AI can help skilled researchers find real flaws faster, the flood of junk reports is reshaping the economics of bug bounties and pushing companies to introduce stricter vetting, background checks, and AI‑powered triage systems.

Read the full story on Ars Technica →