A decade ago bug bounties were just a new idea.
Back then tech giants treated researchers like enemies. They were defensive, hostile. Ignoring you was the standard response. But things shifted.
Apple joined in 2016 with a maximum payout of $200,000. That ceiling jumped to a million in 2019, then hit two million last year. It was a boom time.
That era is ending.
Agentic AI is now hunting vulnerabilities autonomously. It finds them and builds the exploits too. The floodgates opened.
For researchers, the economics are warping. Some make their entire living off this. For companies, it’s an influx of external reports mixed with a spike in bugs found internally. The dynamic is shifting in lockstep with how attackers operate.
“I’ve submitted three times as many bugs,” says Joseph Thacker, an independent security researcher who uses AI in his hunt. He thinks Google is paying out ten times what it did last year.
Tech giants can eat that cost.
Most companies can’t.
Thacker notes that agents are harvesting the low- and medium-hanging fruit right now. High-value bugs are easy for an LLM to find. But the supply will drop.
“Next year there will be fewer bugs submitted.”
Fewer submissions might mean payouts creep up again for the rare finds. Nobody knows how long-term supply and demand will balance out. It depends heavily on how fast AI can build exploits.
This pressure forces faster patching.
The 90-day disclosure window?
Gone.
“That window was built for a world… where bug finders were rare,” wrote security researcher Himanshu Anand. “That world is gone. LLMs have compressed both timelines.”
Attackers are rushing the process too.
They want zero-days.
“Zero-day use by criminals… is fairly limited… but I think we shouldn’t underestimate the impact of more people having that ability.”
Criminals are behind most serious incidents; they are cheap to hire and highly motivated. If AI lowers the barrier to entry for zero-days, the stakes rise sharply.
Hunters feel the burn already.
Curl ended its bug bounty in January. AI had flooded it with low-quality trash. The team called it out directly: bad-faith reports overload the triage process and invite abuse. They still want valid reports. Just not the junk.
Linus Torvalds said last week the Linux security list is “almost entirely unmanageable” due to the duplicate AI spam.
Then in April, Curl’s lead developer Daniel Stenberg posted to LinkedIn with a twist.
The spam stopped. The quality skyrocketed.
“We get an ever-increasing amount of really good reports, almost all with the help of AI.”
This puts triage teams under serious load. Google reacted in April by overhauling its vulnerability rewards program, lowering some payouts while raising others to focus squarely on impact.
Jonathan Dunn, who hunts bugs between shifts as a cardiologist, sees the field splitting. Elite hunters with deep skills will keep getting paid for hard problems.
But we still need to incentivize ethical research.
Who pays for finding stuff in the background infrastructure nobody else cares about?
Edera CTO Alex Zenla says that work still requires human time. That changes the industry’s dynamics.
Anthropic recently launched a bug bounty on HackerOne for its Claude models. It fits the trend. Some say structural defenses are now required.
Niels Provos puts it bluntly: you cannot patch your way out of the crisis.
You have to build infrastructure that makes the bugs irrelevant in the first place.
Which is easier said than done. The AI won’t wait for us to fix our code. It is already out there, looking.
