AI-powered bug hunting has changed the calculus of what makes for an efficient bounty program by accelerating vulnerability discovery — and subjecting code maintainers to ballooning volumes of AI flaw-hunting slop.
Security researchers are using large language models (LLMs) to automate reconnaissance, reverse engineer APIs, and scan codebases faster than ever. By applying AI tools to techniques ranging from fuzzing and exploit automation to pattern recognition across codebases and websites, researchers are discovering flaws at accelerated rates.
“Over the previous year, we’ve entered what we call the period of the ‘bionic hacker,’ which is human researchers using agentic AI methods to gather information, triage, and advance discovery,” says Crystal Hazen, senior bug bounty program supervisor at HackerOne, which has added AI tools to its platform to help streamline submissions and triage.



