
2 Days Left: XRP Amendment With Rare 100% Consensus Eyes Activation
XRP's 'fixCleanup3_1_3' amendment achieves 100% consensus, activating soon!

Companies are facing a rise in low-quality AI-generated submissions in bug bounty programs, leading some to suspend their initiatives. Security teams are overwhelmed by sorting real vulnerabilities from fake reports.
Mentioned in this story
Artificial intelligence is creating a new headache for companies that rely on bug bounty programs to uncover software vulnerabilities.
Cybersecurity firms and open-source software projects are dealing with a surge of AI-generated bug reports, many of which are false or misleading. That's per a report from Financial Times, which says that the growing number of low-quality submissions is forcing some organizations to pause bug bounty programs as security teams spend more time sorting real vulnerabilities from spam.
Bug bounties have also become big business, with companies including Meta, Microsoft, Apple, and Crypto.com collectively paying at least $58 million in 2025 to researchers who find software flaws before hackers do.
However, generative AI tools are also making it easier to exploit bug bounty programs by producing large volumes of inaccurate or low-quality vulnerability reports at scale.
According to San Francisco-based Bugcrowd, reports submitted through its platform more than quadrupled during three weeks in March. The company, whose clients include ChatGPT developer OpenAI, said most of the reports were fake.
Because of the flood of AI-generated reports, some companies have already begun rolling back their public bounty programs.
“Bug bounties are going to stay [but] they’re going to have to change,” Ross McKerchar, chief information security officer at cybersecurity company Sophos, told the Financial Times.
In April, cybersecurity platform HackerOne and hosting platform Nextcloud both suspended their paid bounty program, with Nextcloud adding that “no financial rewards will be awarded for any submissions, regardless of severity.”
AI is causing an increase in low-quality, fake bug reports, which is overwhelming security teams and leading some companies to suspend their programs.
HackerOne and Nextcloud have both suspended their bug bounty programs in response to the surge of fake reports.
In 2025, companies like Meta, Microsoft, Apple, and Crypto.com collectively paid at least $58 million to researchers for finding software vulnerabilities.

XRP's 'fixCleanup3_1_3' amendment achieves 100% consensus, activating soon!

US Treasury imposes sanctions on Sinaloa Cartel associates for crypto money laundering.

Analyst Highlights Ethereum 'Kill Zone' for Optimal Buying

Bitcoin may enter a critical pullback phase if it falls below $74,929.

XRP sees whale accumulation amid market uncertainty, down 5% this week.

Bitcoin may be poised for outperformance against stocks and bonds as inflation persists and bond markets weaken, according to Mark Connors. After a historic 142-day underperformance against the S&P 500, bitcoin is now in a consolidation phase shifting towards outperformance.
See every story in Crypto — including breaking news and analysis.
“As you are likely aware, this is an industry-wide challenge and like others, we have been unable to find ways to responsibly handle the massive increase of low quality reports,” Nextcloud wrote. “We hope to be able to restart the program once a reliable approach to filtering out the low-effort reports has been found.”
The bug bounty news comes as AI models are becoming increasingly better at finding vulnerabilities. In March, Anthropic introduced Mythos, a cyber-focused AI model that the company says can identify vulnerabilities faster than humans. The company is currently keeping the model under wraps, only allowing access to the likes of tech giants, security firms, and governments.
In April, Claude Mythos identified 271 vulnerabilities in Mozilla Firefox during internal testing, while earlier this month, security researchers said a preview version of the model helped develop an exploit targeting Apple’s M5 chips.
Users on Myriad—a prediction market platform operated by Decrypt's parent company, Dastan—don't believe that Claude Mythos will be released publicly by the end of June, currently penciling in just 18% odds.