AI drives surge in ‘bug bounty’ reports, but ‘slop’ is rising too

HackerOne, a leading platform for bug bounties, recently announced a significant increase in valid bounty submissions, reaching 85,000 in 2025–a 7% rise from 2024. This surge can be attributed to the growing integration of artificial intelligence in cybersecurity, which has empowered researchers and ethical hackers to identify vulnerabilities more effectively. While this increase showcases the heightened vigilance in securing digital assets, it also raises concerns regarding the quality of submissions, with reports indicating a rise in 'slop'–submissions that lack thoroughness or relevance.

The bug bounty model has gained traction over the past decade as organizations recognize the value of incentivizing cybersecurity experts to discover and report vulnerabilities in their systems. By leveraging a diverse pool of security researchers, companies can enhance their security posture while minimizing costs associated with traditional security audits. The rise of AI has further transformed this landscape, enabling more efficient vulnerability detection and analysis, thus driving the volume of reports submitted through platforms like HackerOne.

The implications of this increase for the market are multi-faceted. On one hand, the rise in valid submissions reflects a proactive approach to cybersecurity, suggesting that companies are increasingly committed to safeguarding their digital infrastructures. On the other hand, the concurrent rise in lower-quality submissions poses a challenge for organizations, as they must sift through an increasing volume of less useful reports. This could lead to resource strain, as teams may need to dedicate more time and effort to filter out the noise and focus on legitimate threats.

Industry reactions to these developments have been mixed. Some cybersecurity experts commend the increase in bug bounty participation, viewing it as a positive trend that enhances overall internet security. However, there is also concern about the dilution of quality in submissions, with some experts advocating for better guidance and training for researchers. They argue that improving the standards of submissions will help ensure that the valuable insights from bug bounty programs are not overshadowed by irrelevant or poorly executed reports.

Looking ahead, the bug bounty industry may need to adapt to these changes by implementing new protocols or tools that can help distinguish between high-quality and low-quality submissions. As organizations continue to invest in AI-driven security solutions, it will be crucial for platforms like HackerOne to enhance the vetting process and provide resources that enable researchers to submit more valuable findings. This evolution will not only benefit companies but also foster a more robust security ecosystem in an increasingly digital world.