News linked to both this project and an event.
According to Cointelegraph, the widespread adoption of AI is driving up the number of submissions to cryptocurrency industry bug bounty programs—but a flood of low-quality “AI spam” reports has also emerged, placing a heavy burden on protocol teams for triaging. Barry Plunkett, Co-CEO of Cosmos Labs, stated that submission volume to its platform surged 900% year-on-year, with 20–50 reports received daily; Kadan Stadelmann, CTO of Komodo Platform, likewise noted a marked rise in low-quality and false-positive reports, attributing the root cause primarily to AI’s drastic reduction in the cost of generating reports. Daniel Stenberg, creator of the open-source tool curl, has already shut down his bug bounty program outright due to being overwhelmed. In response, industry insiders recommend that teams deploy defensive AI systems to automatically triage reports and adopt stricter submission criteria—reducing the volume of invalid reports and ensuring genuine vulnerabilities receive timely attention.
Security researcher Doyeon Park announced on X that he discovered and disclosed a high-severity CVSS 7.1 zero-day vulnerability in the Cosmos consensus layer (CometBFT). This vulnerability could cause network nodes to stall during block synchronization, thereby affecting system operation—but it cannot directly lead to asset theft. Doyeon Park stated that he made every effort to follow the Coordinated Vulnerability Disclosure (CVD) process; however, due to the project team’s lack of cooperation and “irresponsible decisions,” he ultimately chose to publicly disclose the vulnerability details, adding that any resulting security risks would be borne by the relevant project teams.