Crypto protocols have warned that the rise of artificial intelligence has led to a flood of false bug bounty reports, putting a strain on teams trying to identify real threats to their protocols.
Bug bounties are a system for rewarding “good” hackers for submitting reports on potential vulnerabilities and are popular in the crypto industry. AI has now made it easier to sift through vast amounts of code to find possible bugs, although AI has also been known to hallucinate.
“Artificial intelligence is changing the way bug bounty programs must work,” Barry Plunkett, co-founder of Cosmos Labs, said Tuesday in response to a bug bounty hunter who accused the protocol of ignoring a vulnerability report.
“Our program has seen a 900% increase in submissions over last year, on the order of 20-50 per day,” he said, adding that this has led to a huge increase in both valid and invalid submissions.
Kadan Stadelmann, blockchain developer and chief technology officer at Komodo Platform, told Cointelegraph that he has also seen a significant increase in bug reports and payouts across organizations.
“There has been a significant increase in the number of low-quality bug bounty reports, some of which were false positives, potentially suggesting AI sourcing. One potential explanation is that AI caused the cost of producing a report to decline, resulting in an influx of reports.”
In January, Daniel Stenberg, creator of an open-source data transfer tool used in many applications, including blockchain infrastructure, announced that he was winding down its bug bounty program due to an influx of “AI bugs in vulnerability reports” and that he was exhausted from reviewing them.

HackerOne, one of the largest bug bounty platforms in the world, reported in January that 85,000 valid awards applications were submitted in 2025, an increase of 7% compared to the previous year.
Artificial intelligence can be both the cause and the solution
Plunkett said Cosmos Labs has already begun to adapt its approach as a result of the increase in bug bounty submissions, tightening how it evaluates them, prioritizing trusted researchers with a proven track record and partnering with other bug bounty providers that offer more advanced triage.
Meanwhile, Stadelmann said bug bounty programs have proven to be integral to the defense of decentralized systems, and a solution could be to adopt artificial intelligence to help sift through the noise.
“Blockchain teams will need to create AI deterrents to review upcoming bug bounties. The smaller the team, the bigger the problem of increased bug bounties will become. Software engineers won’t be able to investigate everything,” he said.
“This is where defensive AI systems that automatically screen for incoming bug bounties will be crucial. Teams dependent on bug bounties will need to develop more stringent standards in their bug bounty programs to reduce the number of incoming reports.”
