Join Nostr
2026-05-22 12:33:40 UTC

BrianKrebs on Nostr: If AI is truly making it easier to find security bugs in code (which it appears to be ...

If AI is truly making it easier to find security bugs in code (which it appears to be doing), then it makes sense that bug bounty programs may be far less willing to pay a lot of money for a single bug report. From El Reg:

"Finding vulns just doesn't pay like it used to. At least one bug hunter who found an open source security flaw and reported it months ago via HackerOne's backlogged Internet Bug Bounty (IBB) program finally got paid for his work - but at a drastically reduced reward rate. The security researcher found a medium-severity vulnerability that previously paid $1,843. As of Monday, HackerOne's IBB pays $297 for the same severity level. Similarly, the new IBB cash prize for a critical vulnerability is $2,257, compared to the previous $9,250 reward. High-severity bugs now fetch $1,009, while they used to earn a $4,429 payout. And low-severity bugs earn researchers $68, compared to the previous $597 reward."

Not to say that AI has somehow stopped the beg bounty madness. I seem to get more unbidden bug reports from researchers these days than ever, and half the time the bugs are fixed "in the cloud" w/out much notice or fanfare (or CVEs).

https://www.theregister.com/security/2026/05/21/hackerone-takes-an-axe-to-its-bug-bounty-rewards/5244458