HackerOne Cuts Rewards as AI Floods Vulnerability Reports

HackerOne has drastically reduced payouts in its Internet Bug Bounty program, cutting rewards for critical vulnerabilities by more than 75 percent. Researchers who submitted bugs months ago are now receiving far smaller payments due to retroactive changes, fueling frustration and concerns about trust in the disclosure process. The shift comes as AI assisted bug discovery accelerates, overwhelming maintainers with high quality but high volume reports that require human validation. Experts warn that the traditional bounty model is becoming obsolete and must evolve to reward verification and remediation, not just discovery.

Read the full story on The Register →