AI-Driven Vulnerability Bounty Reports Surge, Leaving Crypto Protocol Teams Overwhelmed by “AI Spam”
According to Cointelegraph, the widespread adoption of AI is driving up the number of submissions to cryptocurrency industry bug bounty programs—but a flood of low-quality “AI spam” reports has also emerged, placing a heavy burden on protocol teams for triaging. Barry Plunkett, Co-CEO of Cosmos Labs, stated that submission volume to its platform surged 900% year-on-year, with 20–50 reports received daily; Kadan Stadelmann, CTO of Komodo Platform, likewise noted a marked rise in low-quality and false-positive reports, attributing the root cause primarily to AI’s drastic reduction in the cost of generating reports.
Daniel Stenberg, creator of the open-source tool curl, has already shut down his bug bounty program outright due to being overwhelmed. In response, industry insiders recommend that teams deploy defensive AI systems to automatically triage reports and adopt stricter submission criteria—reducing the volume of invalid reports and ensuring genuine vulnerabilities receive timely attention.