The rise of artificial intelligence is reshaping crypto bug bounty programs, driving a surge in both legitimate and bogus vulnerability reports. Crypto protocols have warned that an increase in AI use has led to a flood of low-quality submissions, putting a strain on teams trying to identify real threats to their protocols.
Cosmos Labs reported a staggering 900% increase in submission volume over the past year and now handles 20-50 reports per day. Barry Plunkett, co-CEO of Cosmos Labs, noted that AI is changing how bug bounty programs operate, adding that the rise includes both valid and invalid reports, which creates more work for teams trying to separate real issues from weak claims.
Kadan Stadelmann, chief technology officer at Komodo Platform, confirmed a notable increase in submissions and payouts across organizations. He said some recent reports appeared low quality and may have been false positives, potentially suggesting they were AI-generated. Stadelmann explained that AI has lowered the cost and effort required to produce a report, leading to an influx of submissions.
The trend extends beyond crypto. In January, Daniel Stenberg, creator of the open-source data transfer tool curl, ended his bug bounty program due to an influx of what he described as “AI slop in vulnerability reports.” Meanwhile, HackerOne, one of the largest bug bounty platforms, reported 85,000 valid bounty submissions in 2025, up 7% from the previous year.
As submission volumes rise, some crypto teams are adapting. Plunkett said Cosmos Labs has tightened how it scores incoming reports, prioritizing trusted researchers with a proven track record and working with bug bounty providers that offer more advanced triage. Stadelmann suggested that AI may also become part of the solution, with blockchain teams needing defensive AI systems to automatically sift through incoming reports. He emphasized that smaller teams will struggle most because they have fewer engineers available to review large numbers of submissions.