
In January, cURL killed its bug bounty program. In April, Nextcloud followed. Last week, Linus Torvalds declared the Linux kernel security mailing list “almost entirely unmanageable.” The culprit in all three cases is the same: AI-generated vulnerability reports — confident-sounding, often completely fabricated, and arriving in volumes that make real triage impossible. The bug bounty model is not just under pressure. Parts of it are already gone.
The Numbers Make the Case
This is not a few bad actors ruining it for everyone. The scale is systemic. Bugcrowd’s triage queue grew 334% over a three-week stretch in March 2026, driven almost entirely by low-quality submissions. HackerOne reports a 76% jump in total submissions year-over-year through March, while the fraction of reports describing a real vulnerability has stayed flat at around 25%. The arithmetic is simple: three of every four submissions were already something other than a valid finding, and there are now 76% more of them to triage.
The Linux kernel security mailing list went from two or three reports per week to five to ten reports per day. Kernel maintainer Willy Tarreau noted the shift in March; Torvalds confirmed it publicly on May 18. cURL’s numbers are starker: historically, over 15% of submitted reports led to confirmed vulnerabilities. By 2025, that rate had dropped below 5%. In the first 21 days of 2026, cURL received 20 submissions — seven arrived in a single 16-hour window — and none turned up a real bug.
The Programs That Did Not Survive
cURL creator Daniel Stenberg ended the program on January 31, 2026. In his post announcing the shutdown, he described the AI submissions as “never-ending slop” that drained time, energy, and his team’s will to work on security at all. He called it what it is: AI is DDoSing open source. The program had found 87 confirmed vulnerabilities and paid out over $100,000 to researchers across its lifetime. That history is now closed. cURL now routes security reports through GitHub’s private vulnerability reporting and publicly bans anyone who submits AI slop.
Nextcloud suspended its bug bounty program in April, citing the same cause. HackerOne paused its Internet Bug Bounty program on March 27, citing an imbalance between discoveries and maintainers’ ability to act on them. GitHub did not suspend its program but changed the rules: some lower-severity submissions now receive company swag instead of cash, and working proof-of-concept exploits are now required for all submissions. These are not gradual adjustments. They are emergency changes to a system under real stress.
What Torvalds Said and Why It Matters
Linus Torvalds does not typically weigh in on industry trends. When he says a process has become “almost entirely unmanageable,” the problem is serious. The issue he flagged is not just volume — it is redundancy. Multiple researchers running the same AI tools against the same Linux codebase are independently finding the same issues and filing separate reports, each routed to the private security mailing list. Maintainers end up triaging duplicates and pointing reporters to patches already merged weeks earlier. Torvalds described the private list as “a waste of time for everybody involved.” New documentation has been merged to formalize how AI-assisted reports should be handled going forward.
The Real Damage Is What Gets Buried
Bug bounty programs run on trust between researchers and maintainers. That trust depends on reports being worth reading. When the signal-to-noise ratio collapses, skilled researchers stop participating — their time is finite and their reputation matters. Organizations take longer to review legitimate findings, which means real vulnerabilities sit unpatched longer. Bugcrowd named the pattern behind this “sloptimism” — the tendency to fire off an AI-generated report on the hope that the model got it right, without manual validation or a working exploit to back it up. Their conclusion: “Sloptimism is breaking any system built on human validation.”
How to Use AI in Security Research Without Breaking Everything
The problem is not that researchers are using AI. The problem is how they are using it. OpenAI’s Daybreak platform, launched May 11, shows the approach that works: the system builds a threat model from a connected repository, identifies candidate vulnerabilities, then validates each finding in an isolated sandbox before a human ever sees it. The report that comes out the other end has been pressure-tested. That is the bar.
For individual researchers, the standard is the same: AI is useful for generating ideas, clustering hosts, diffing responses, and drafting report templates. It is not a substitute for manually reproducing the finding, writing a working PoC, and verifying real-world impact. GitHub now requires this explicitly. Platforms that do not require it yet will. The window to operate on unvalidated output is closing.
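The sandbox-validation step described above, together with the duplicate problem from the Torvalds section, as an added example that is not code from cURL, the Linux kernel, Daybreak or any of the platforms named here: a minimal triage gate in Python that runs each submitted PoC under a timeout, accepts it only if the run produces a sanitizer, assertion or crash signal, and fingerprints that signal against findings already fixed so a rediscovery of a patched bug is flagged as a duplicate rather than read by a maintainer. The PoC commands, the crash output, the file and function names and the "already fixed" entry are all constructed for the example; the crash-marker patterns are the prefixes real sanitizers and assert() print.

```python
# Added example (not cURL, kernel, Daybreak or platform code): a validation
# gate that grades a report on what its PoC does, not on what its text claims.
# All PoC commands, crash output and the "already fixed" list are constructed.
from __future__ import annotations

import hashlib
import re
import subprocess
import sys
from dataclasses import dataclass

# Evidence that the PoC actually did something to the target: the prefixes that
# sanitizers, assert() and the shell print. The constructed PoCs emit the same.
EVIDENCE = [
    ("asan", re.compile(r"AddressSanitizer: (\S+)")),
    ("ubsan", re.compile(r"runtime error: (.+)")),
    ("assert", re.compile(r"Assertion .* failed")),
    ("sigsegv", re.compile(r"Segmentation fault")),
]
TOP_FRAME = re.compile(r"#0 \S+ in (\S+) (\S+?):(\d+)")  # innermost sanitizer frame

@dataclass
class Finding:
    report_id: str
    claim: str          # what the report text asserts
    poc: list[str]      # command that is supposed to reproduce it
    timeout_s: float = 5.0

@dataclass
class Verdict:
    report_id: str
    status: str         # CONFIRMED, DUPLICATE, NOT_REPRODUCED or TIMEOUT
    fingerprint: str | None = None
    detail: str = ""

def fingerprint(stderr: str) -> str | None:
    """Stable id for a crash: bug class plus innermost function and file.
    Line numbers shift between versions and are left out, so a report made
    against last month's tree still matches a fix merged since."""
    for cls, pat in EVIDENCE:
        m = pat.search(stderr)
        if m:
            kind = f"{cls}:{m.group(1)}" if m.groups() else cls
            break
    else:
        return None
    frame = TOP_FRAME.search(stderr)
    loc = f"{frame.group(1)}|{frame.group(2)}" if frame else "no-frame"
    return hashlib.sha256(f"{kind}|{loc}".encode()).hexdigest()[:16]

def validate(finding: Finding, known_fixed: dict[str, str]) -> Verdict:
    """Run the PoC and grade the result. subprocess plus a timeout is the
    minimum; a production gate runs the PoC in a throwaway container or VM
    with no network against a fresh build of the target."""
    try:
        proc = subprocess.run(finding.poc, capture_output=True, text=True,
                              timeout=finding.timeout_s)
    except subprocess.TimeoutExpired:
        return Verdict(finding.report_id, "TIMEOUT", detail="a hang is not a reproduction")
    fp = fingerprint(proc.stderr)
    if fp is None:
        return Verdict(finding.report_id, "NOT_REPRODUCED",
                       detail=f"exit {proc.returncode}, no evidence for: {finding.claim}")
    if fp in known_fixed:
        return Verdict(finding.report_id, "DUPLICATE", fp, f"same crash as {known_fixed[fp]}")
    return Verdict(finding.report_id, "CONFIRMED", fp, "reproduced in sandbox")

def fake_poc(stderr_text: str, exit_code: int = 0, sleep_s: float = 0) -> list[str]:
    """Constructed stand-in for a real PoC binary so the gate runs offline."""
    code = (f"import sys, time; time.sleep({sleep_s}); "
            f"sys.stderr.write({stderr_text!r}); sys.exit({exit_code})")
    return [sys.executable, "-c", code]

# A crash fixed in the previous release (constructed), keyed by fingerprint.
FIXED_UAF = ("==17==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020\n"
             "    #0 0x55a1 in free_cookie src/cookie.c:77\n")
KNOWN_FIXED = {fingerprint(FIXED_UAF): "R-0, patched in the previous release"}

# Constructed submissions: one real, one duplicate of R-0, one slop, one hang.
SUBMISSIONS = [
    Finding("R-1", "heap overflow in parse_header",
            fake_poc("==21==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030\n"
                     "    #0 0x55b2 in parse_header src/http.c:118\n", exit_code=1)),
    Finding("R-2", "use after free in cookie handling",
            fake_poc("==22==ERROR: AddressSanitizer: heap-use-after-free on address 0x6040\n"
                     "    #0 0x55c3 in free_cookie src/cookie.c:81\n", exit_code=1)),
    Finding("R-3", "stack overflow in url_parse via long scheme",
            fake_poc("request completed\n")),          # the model was simply wrong
    Finding("R-4", "infinite loop in chunk decoder",
            fake_poc("", sleep_s=5), timeout_s=0.5),
]

def triage(findings: list[Finding], known_fixed: dict[str, str]) -> dict[str, str]:
    """Grade every submission; returns report_id -> status."""
    return {v.report_id: v.status for v in (validate(f, known_fixed) for f in findings)}

if __name__ == "__main__":
    for f in SUBMISSIONS:
        v = validate(f, KNOWN_FIXED)
        print(f"{v.report_id}: {v.status:<15} {v.detail}")
```

Run it directly to see the four verdicts. The order of checks is the point: the report text is never consulted until the PoC has produced evidence, so a confident description with no reproduction is rejected the same way whether a person or a model wrote it, and the fingerprint deliberately drops line numbers so a report generated against an older tree still matches a patch merged since, which is the duplicate case the kernel maintainers are drowning in.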
The Incentive Problem Nobody Is Fixing
Low barriers to submission combined with monetary rewards produced a predictable outcome: high-volume, low-quality floods that land, in effect, as attacks on the triage process itself. The programs that have survived the longest, and the ones being restructured now, are moving toward quality gates rather than quantity incentives. Requiring a working PoC is the most effective filter because it cannot be faked by prose: the exploit either reproduces against the target or it does not, and producing one takes work that a model’s unverified guess cannot substitute for. Maintainers and platforms are implementing this under duress. It would have been smarter to build it in from the start.