NEWS Curl, CycloneDX, and Open Collective Hit by AI Spam in Bug Bounty Programs


Bug bounty inboxes at HackerOne and Bugcrowd are filling up with nonsense.


In recent years the internet has been flooded with low-value, and often entirely fabricated, content generated by language models. The problem is not limited to poor-quality text, images and video: fabricated analysis is also making its way into the media, social networks and even official documents. Cybersecurity has now fallen victim to the same digital pollution.


The most alarming development is a wave of fake vulnerability reports submitted as if they were legitimate bug bounty disclosures. In reality they are AI-generated write-ups of vulnerabilities that do not exist, dressed up in pseudo-professional technical language.


Vlad Ionescu, co-founder of RunSybil, a company building AI tools for vulnerability discovery, calls it a "trust trap." Many of these reports look convincing and read as technically fluent, but on verification the described vulnerability turns out to be an AI "hallucination."


The problem is made worse by how generative models behave: they are tuned to satisfy the prompt. Ask for a vulnerability report and the model produces one, whether or not the vulnerability exists. The resulting reports are flooding bug bounty platforms and wasting the time of the security engineers who must manually attempt to reproduce each claim before they can reject it; a hallucinated report cannot be told apart from a real one without that reproduction work, which is exactly where the cost lands.


Concrete examples have already surfaced. Security researcher Harry Sintonen described how the Curl project received a bogus vulnerability report that was quickly identified as "AI junk." Open Collective has made similar complaints, with its inbound reports swamped by useless AI-generated submissions. One developer on the CycloneDX project went as far as shutting down its bug bounty program entirely because of the influx of such fake reports.


Platforms such as HackerOne and Bugcrowd are also reporting rising volumes of false reports and fabricated vulnerabilities. Michiel Prins of HackerOne noted that they are seeing more and more submissions in which the reported vulnerability either has no real-world impact or is entirely made up; these are immediately classified as spam. Casey Ellis of Bugcrowd confirmed that nearly all modern submissions involve some level of AI generation, but said that, at least for now, Bugcrowd has not seen a significant spike in meaningless content, while warning that this may soon change.


Some organizations are deliberately avoiding automated filters. Mozilla, for instance, does not use AI to pre-screen bug reports, for fear of missing real vulnerabilities. According to company representative Damiano DeMonte, Mozilla has not seen a sharp increase in AI-generated spam, and its rejection rate remains stable at around 5–6 reports per month, less than 10% of total submissions.


Against this backdrop, new attempts to counter the phenomenon are emerging. HackerOne, for example, has introduced Hai Triage, a hybrid moderation pipeline that combines human expertise with machine efficiency. AI assistants handle preliminary tasks such as deduplicating submissions and prioritizing the most critical reports, while final decisions are made by human reviewers, striking a balance between speed and accuracy.


As generative models are leveraged by both attackers and defenders, the future of cybersecurity will increasingly hinge on who can build the better filters: those who exploit the system, or those who protect it.