In a pressing development for the cryptocurrency sector, several crypto protocols have raised alarms over a marked uptick in artificial intelligence (AI) usage, which has led to an overwhelming volume of spurious bug bounty submissions. This flood of unfounded reports makes it harder for security teams to pick out the legitimate threats to their protocols.
Bug bounty programs are integral to the crypto industry, designed to encourage “white hat” hackers to report vulnerabilities in exchange for financial rewards. However, with the rise of AI, separating real bugs from spurious reports has become increasingly complicated. While AI tools are adept at analyzing vast codebases for vulnerabilities, they are also prone to generating false positives, a phenomenon often referred to as “hallucination.”

On Tuesday, Barry Plunkett, co-CEO of Cosmos Labs, highlighted the shifting landscape in this regard. Responding to a bug bounty hunter who accused the organization of neglecting their vulnerability report, Plunkett noted, “AI is changing the way that bug bounty programs must operate.” He revealed that his organization has experienced an astounding 900% increase in submissions compared to the previous year, now averaging between 20 and 50 reports daily. This surge has led to a dramatic rise in both valid and invalid submissions, creating a strain on resources as teams attempt to filter through the volume.
Kadan Stadelmann, CTO of the Komodo Platform, echoed Plunkett’s sentiments, explaining that he has observed a similar increase in bug bounty submissions across various organizations. “There has definitely been an increase in low-quality bug bounty submissions, some of which have been false positives, potentially suggesting AI sourcing,” Stadelmann indicated. He attributes this influx to the reduced costs associated with producing vulnerability reports, which AI tools can generate quickly and efficiently.
Earlier this year, renowned software developer Daniel Stenberg, creator of the widely used open-source data transfer tool curl, took a definitive stance by ending his bug bounty program. He cited an unsustainable volume of “AI slop in vulnerability reports” as the main reason behind his decision, expressing exhaustion from filtering through numerous low-quality submissions.

Data from HackerOne, one of the largest bug bounty platforms globally, confirms this trend. In January, the platform reported a total of 85,000 valid bounty submissions in 2025, marking a modest 7% increase from the previous year. Such statistics illustrate the growing reliance on bug bounty programs, particularly in decentralized systems that require robust security measures to safeguard valuable digital assets.
AI: A Double-Edged Sword
As the industry grapples with the implications of increased AI-generated reports, Plunkett expressed that Cosmos Labs is already implementing measures to adapt to this new reality. The organization is revising how it evaluates submissions, placing a higher priority on trusted researchers with a verified history of responsible reporting. Furthermore, they are collaborating with other bug bounty providers that are equipped with advanced triage capabilities, allowing for more efficient management of incoming reports.
Stadelmann also emphasized the importance of bug bounty programs in protecting decentralized systems. He posited that integrating AI into their workflows could serve as a solution to manage the growing flood of submissions. “Blockchain teams will have to create AI deterrents to sift through incoming bug bounties,” he remarked. This is particularly pertinent for smaller teams that may lack the manpower to thoroughly investigate each report, creating a pressing need for automated filtering systems to streamline the process.
“This is where defensive AI systems to automatically sift through incoming bug bounties will be crucial. Teams dependent on bug bounties will need to develop stricter standards on their bug bounty programs as a means of lowering the number of incoming reports,” Stadelmann added.
The convergence of AI technologies with the cryptocurrency sphere presents both challenges and opportunities. As the crypto industry continues to mature, navigating the complexities of bug bounties and ensuring robust cybersecurity will be paramount for safeguarding against potential exploits. Stakeholders will need to remain vigilant and adaptive as they face the double-edged implications of AI in their security frameworks.

