Was 2025 the year AI broke the bug bounty model?


Increased automation and AI in bug bounties is changing the game. Cybernews asked several prominent ethical hackers and platforms at this year’s Black Hat Europe whether the model is broken.

For a brief period in the mid-to-late 2010s, bug bounties felt like a golden frontier.

Hackers got to be the good guys, with pioneers such as Katie Moussouris setting up landmark schemes like Hack the Pentagon, engaging hundreds of ethical hackers around the globe to lawfully discover and disclose vulnerabilities on DoD assets.


The bug bounty system also appears to be meritocratic, highly incentivized, and, for a tiny minority, lucrative: a million dollars a year, sometimes more, paid to ethical hackers not for hours worked but for insight: a dangerous vulnerability spotted in the right place at the right time.

The biggest payouts came not from volume, but from creativity: an authentication bypass no one had imagined, a logic flaw that unravelled an entire system, a zero-day sitting unnoticed in production.

And so a model was established with many schemes relying on platforms such as HackerOne, Bugcrowd, and Intigriti to broker the relationship between organizations and researchers, manage disclosure, handle payments and reputations, and, crucially, decide what “impact” looks like.

Early bug bounty pioneer Katie Moussouris

Later, as more hunters arrived, payouts normalized, programs matured, and automation crept in.

While the average bounty now sits at just over $1,000, the myth of the million-dollar bug hunter still looms large – perhaps because of a promise the community values highly: bug bounties reward depth over scale and skill over noise. You can’t bullshit your way to the top of a leaderboard.

Or can you?


With the increased use of AI in the ecosystem, that balance is under strain, revealing certain fault lines between offense and defense, scale and skill, and hype and impact. These issues could equally apply to the entire cybersecurity ecosystem.

Bug bounties traditionally reward depth over scale and skill over noise

Over the last couple of weeks, at Black Hat Europe and other London-based events, I had the chance to ask some prominent figures in the bug bounty world what impact they think AI has had on the bug bounty business model.

Does it need to change? Is it broken?

AI didn’t arrive overnight

One thing everyone agrees on: AI didn’t suddenly appear in bug bounties overnight. Automation has been part of the job for a long time.

“The top bounty hunters would figure out ways to script things,” Dave Gerry, CEO of Bugcrowd, told me when we spoke in London earlier this month.

“They were using rules and configurations they had built in Burp Suite or ZAP. We’ve seen a level of automation coming for a long time.”

HackerOne now distinguishes between individual hackers and AI-powered collectives.

At Black Hat, James Kettle (@albinowax), director of research at PortSwigger and a successful ethical hacker in his own right, makes the same point from the toolmaker’s side. His firm’s tool Burp Suite – used by most professional web hackers – has long blurred the line between manual skill and machine assistance.


What has changed, however, is scale.

In August, a fully autonomous system called Xbow climbed to the top of HackerOne’s leaderboard – ahead of every human researcher, including those already using AI in their workflows.

Within nine months of active operation, it had surpassed the entire crowd. According to Xbow, it runs up to 80 times faster than manual teams, has identified more than 1,400 zero-day vulnerabilities, and operates without human input.

That moment forced the industry to ask an uncomfortable question: if a bot can outperform the best humans on the biggest platform in the world, has the bug bounty model finally broken?

Inside the leaderboard shock

At HackerOne’s booth at Black Hat Europe, I shared complimentary sour candy with Laurie Mercer, a security architect at the company, as the conversation turned – inevitably – to Xbow.

“If you look at Xbow’s Defcon talk, 90% of it is about how to stop hallucination and doing the wrong thing.”

Laurie Mercer, HackerOne

The system, he claimed, needs constant guardrails to prevent it from inventing bugs (hallucinations) or causing harm.

Mercer points out that reputation – not just volume – has always been what the leaderboard was supposed to celebrate.

In August, Xbow’s rise prompted HackerOne to change how it presented that reputation.


Under pressure from human researchers, the platform now distinguishes between individual hackers and AI-powered collectives. The idea, Mercer said, is transparency: showing not just how much impact is created, but how it is achieved.

This division matters because, as Mercer and others point out, the leaderboard has always been gameable, and it’s not quite as meritocratic as those outside the industry believe. Go after enough low-hanging fruit, and you will eventually find yourself at the top of the tree.

Rep farming and AI slop

“Rep farming,” short for reputation farming, is when researchers target large programmes with lots of easy, low-severity bugs that earn points but little or no cash. Serious hackers, who are chasing high-value payouts, tend not to bother.

“A better way of looking at it is the quality of bugs – high and critical severity. When that reaches a different level, then it will be groundbreaking,” Mercer added.

HackerOne's reputation leader board (HackerOne)

Viewed through the lens of awarded payouts (rather than reputation), there is some reassuring news: bug bounties have gone up this year, according to HackerOne, with the platform paying out a record $81 million in the year leading up to mid-2025: a 13% YoY increase.

The platform says that this was driven by high-profile programs from companies like Uber, GM, and AI firms, leading to more researchers consistently earning six-figure incomes.

Bounty hunter James Kettle, for one, does not appear rattled: “Xbow’s tagline is that it’s the number one hacker and the number one rep farmer. Well, great. That doesn’t make it a major threat.”

To him, Xbow looks less like the end of bug bounties and more like a marketing campaign aimed at the penetration testing market.


“They’re trying to tell you that a scan from their shiny scanner replaces a human pentest,” he said.

“What they’ve actually shown is that their tool can look at a site and find a bug.”

While there was no one available to speak with on Xbow’s stand at Black Hat, I did speak to one of its recruitment guys, who explained how a fully autonomous platform might be helpful.

Xbow allows firms to scale their pentesting. Instead of relying on bug bounties occasionally, they can test constantly, he claimed.

He also added that one feature in Xbow allows AI to write an exploit based on the vulnerability it has found.

“It wouldn’t be able to do this if the exploit was a hallucination,” he said.

The signal-to-noise ratio is suffering

However, AI slop does pervade, according to Katie Moussouris, founder and CEO of Luta Security, one of the original bug bounty organizers who helped legitimize ethical hacking as a core pillar of cybersecurity.


Earlier this month, she warned in a SANS Institute keynote that AI is already flooding the ecosystem with hallucinations.

“Seventy per cent of hackers surveyed are using AI in some manner,” she said.

Some of what autonomous systems find is AI slop - there's no real bug there, claim human hackers

“Some of it definitely qualifies as AI slop – it sounds good, it has buzzwords, but there’s no real bug there.”

Why this matters, she says, is that every false report consumes human time. Triage teams, whether volunteer open-source maintainers or enterprise security operations centres, are forced to sift through hallucinations alongside genuine findings.

Dave Gerry sees the same pattern from Bugcrowd’s side. Autonomous agents tend to go after low-hanging fruit: easy-to-find, lower-severity issues. The volume goes up, but the signal-to-noise ratio suffers.

Where AI still struggles, everyone agrees, is novelty. Zero-days, creative chains of exploitation, deep logic flaws – the bugs that pay big – are still overwhelmingly human discoveries.

Even Xbow’s most impressive example, where it followed error messages down a path to bypass authentication and extract files, was only possible because it had been trained by some of the best exploit writers in the world, argues Kettle.

This has led to a bifurcation of the market. As Gerry puts it, the top 10% of researchers, already elite, are becoming augmented. They are building models trained on their own expertise, effectively creating AI versions of themselves.

Meanwhile, the long tail risks being crowded out by automation and slop.

The remediation bottleneck no one talks about

The truth is, finding bugs has never been the hardest part. Fixing them is. In her talk, Moussouris joked that while the dates of one customer’s bug bounty report might change, the same vulnerabilities would remain.

“There’s a crucial logjam between finding bugs and fixing them,” Moussouris said.

“There always has been.”

AI has accelerated discovery, but remediation remains slow, political, and, well, a very messy human problem to deal with.

"There’s a crucial logjam between finding bugs and fixing them," Moussouris says

Modern IT stacks are complex; patching one component can break five others. Development teams are often disincentivised to work on security fixes at all, and are rewarded instead for shipping new features.

“Security is viewed as the team of ‘no’,” Gerry explained.

“Developers aren’t paid to fix flaws.”

But could AI fix bugs too? In theory, yes. In practice, it’s far harder than generating exploits. Even Google, Moussouris noted, has been cautious about deploying automated patching at scale.

Startups like Corridor, founded by former CISA advisor Jack Cable and ex-SentinelOne CISO Alex Stamos, are trying, using AI to triage bug bounty reports. However, there’s no single tool that can solve a complex enterprise IT infrastructure.

According to Artem Sorokin, CEO of Cracken, a Silicon Valley automated ethical hacking startup that claims to take a human-in-the-loop approach, “There’s not one button you can press.”

“Sometimes you just need to invest in infrastructure as code. It’s a structural thing,” he said.

Entry-level jobs and the shrinking ladder

Another uncomfortable question is what all this means for people trying to break into the field.

Penetration testing has been here before. As Moussouris points out, the proliferation of automated pentest tools decades ago led to a squeeze in salaries and stagnation of the labor market.

AI risks repeating the cycle, only faster.

“If newcomers can’t earn cash doing bug bounties,” she warned, “there may be fewer of them learning these skills.”

Not everyone feels this way. Kettle sees entry-level work shifting rather than disappearing. AI, he says, is simply “changing what entry level looks like,” not eliminating human expertise.

Bionic hacker: humans guiding AI bug hunters may emerge as a common model

Junior hackers may spend more time steering AI, validating its output, preventing it from doing “ridiculously dangerous things,” and holding it to account.

“A junior-level tester will never say, ‘Oh, I’m just going to delete that database to prove that I’ve found a SQL injection.’ They’d just get fired. But AI will very happily do that.”

James Kettle, PortSwigger

But at some point, aspiring white hats need to learn the fundamentals.

David Brumley, Bugcrowd’s Chief of AI, is also a university professor at Carnegie Mellon University and is famed for building one of the most competitive hacking teams at Defcon.

“If you don’t know the basics, you won’t know when the AI is lying to you,” he reasons. Brumley bans AI in parts of his classes for that reason – not out of nostalgia, but because judgment can’t be automated before it’s learned.

Professor David Brumley bans AI in parts of his classes so that students learn the hacking fundamentals first

Is it time to change the bug bounty model?

Almost everyone I spoke to converged on the same model: AI working with a human in the loop as part of a team, the model HackerOne calls the “bionic hacker.” Bugcrowd designs around augmentation, not replacement. Cracken’s entire pitch is amplification, not autonomy.

Xbow is the outlier. Its focus is scale, and possibly the pentest market rather than bounties themselves.

So, how will this play out over the next couple of years?

Dave Gerry imagines new incentive models. One plausible-sounding idea he floated during our conversation was a Spotify-style royalty system: a hacker finds a novel vulnerability, feeds it into an AI, and then gets paid every time the model finds it again elsewhere.

Katie Moussouris goes further. Her proposal is a universal basic income. If AI systems are trained on the collective expertise of human hackers, she argues, those humans deserve a share of the revenue. It’s a vision that some might call defeatist and others realistic.

Cracken’s Sorokin sees hackers becoming orchestrators – deciding goals and strategy while delegating groundwork to machines.

James Kettle, for his part, is cautious but calm. “I’m not in a mad panic, but things are changing fast, and it’s important to keep up.”

Broken, or just transformed?

So, has AI broken the bug bounty model? The evidence suggests no. But it has profoundly changed it.

Automation and AI have widened the gap between volume and value, between low-hanging fruit and true expertise. They have exposed long-standing flaws in how reputation and rewards are measured. And they have made the remediation bottleneck impossible to ignore.

Transformers: Successful bounty hunters will learn to master the space between human and machine

As Gerry put it, the rewards system itself may need to change, perhaps to value fixing vulnerabilities as much as finding them. But there is no easy button for complex infrastructure, no simple mirror where every offensive AI has an equal defensive twin.

Bug bounties aren’t dead. But they are no longer just about hackers versus code. They are about humans, machines, and the uneasy, evolving space in between.

The most successful bounty hunters will learn to master the space between human judgment and machine scale, while the way in which the system is governed, controlled, and rewarded will likely evolve to reflect this.
