BUG BOUNTY PROGRAMS BATTLE AI-GENERATED SPAM

Bug bounty programs, which reward hackers for identifying software flaws, are experiencing a deluge of AI-generated submissions that waste time and resources. In response, companies are taking a two-pronged approach: tightening vetting procedures for researchers and building AI agents to automatically sort through incoming reports. The flood of low-quality submissions threatens to undermine the effectiveness of programs designed to improve security. Legitimate security researchers face increased friction in the submission process, while companies must invest in additional infrastructure to handle the noise. This dynamic reflects a broader tension in cybersecurity: as AI tools become more accessible, they enable both defenders and those gaming the system. Organizations must balance openness to genuine researchers with protection against AI-generated spam that clogs their triage pipelines. The trend suggests that bug bounty platforms may need to evolve their models to remain viable, potentially requiring stronger identity verification or reputation systems.