Bug Bounty Programs in the AI Era: How HackerOne and Bugcrowd Are Adapting to AI Vulnerability Discovery
AI-assisted researchers submit more bugs faster, straining triage. Meanwhile, Glasswing-style CVD bypasses the bounty model entirely

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
Bug bounty programs have matured into a standard security practice. HackerOne alone reported over $300 million in total bounties paid as of 2024, with programs operated by organizations ranging from individual startups to U.S. federal agencies. The model is well-established: an organization defines a scope and payout structure, publishes it on a platform, and invites a global community of security researchers to find and responsibly disclose vulnerabilities in exchange for payment. AI is disrupting this model from two directions simultaneously. From the researcher side, AI-assisted fuzzing, LLM-generated proof-of-concept code, and tools like Claude Mythos are increasing the volume and sophistication of submissions. A researcher who previously found two bugs per week can now find ten, because AI accelerates the reconnaissance, hypothesis generation, and PoC development phases of vulnerability research. From the CVD side, programs like Project Glasswing operate entirely outside the bounty model: Anthropic's autonomous AI found 10,000+ vulnerabilities and coordinated 1,596 disclosures directly with affected organizations, with 9 CVEs assigned. Organizations that received Glasswing findings received them through CVD, not through their HackerOne program. Bug bounty program managers in 2026 need to understand both pressures, update their program policies accordingly, and make deliberate decisions about how CVD and bounty channels interact.
How Bug Bounty Programs Work: Scope, Severity, Payouts, and Triage
A bug bounty program operates through five core components. Scope defines which targets, hosts, applications, and functionality researchers are permitted to test. Out-of-scope items (typically third-party services, infrastructure outside the organization's control, and specific endpoint types) are explicitly listed. Rules of engagement define how testing may be conducted: what rate limits apply, whether automated scanning is permitted, which authentication states are in scope, and what constitutes a valid finding versus expected behavior. Severity tiers map findings to payout levels using CVSS scores, internal severity scales, or hybrid models. Most programs have four tiers: Critical, High, Medium, and Low, with corresponding payout ranges. Critical findings in large programs can pay $10,000-$100,000+. Triage is the process by which the program's security team evaluates incoming reports: verifying reproducibility, determining scope compliance, assessing severity, checking for duplicates, and communicating with the submitting researcher. Triage is the primary operational cost of running a bug bounty program and the primary bottleneck when submission volume increases. Payout and remediation close the loop: once a finding is triaged and validated, the researcher is paid and the engineering team receives a remediation ticket. Remediation SLAs are typically defined in the program policy.
The AI-Powered Researcher Advantage
Security researchers were early adopters of AI coding tools, and they have extended AI to every phase of vulnerability research. Reconnaissance and attack surface mapping: AI tools can analyze a target application's JavaScript bundles, API endpoints, and documentation to generate a prioritized list of potentially vulnerable functionality in minutes. This phase previously took days of manual analysis. Vulnerability hypothesis generation: given an attack surface, AI tools can suggest vulnerability hypotheses based on patterns in the codebase or API behavior. A researcher no longer needs to maintain a mental inventory of every vulnerability class; the AI generates the checklist. Proof-of-concept development: once a vulnerability is identified, AI tools can draft exploit code, SQL injection payloads, CSRF templates, and request sequences that demonstrate exploitability. This compresses the PoC development phase from hours to minutes in many cases. Report writing: AI tools can generate structured, well-formatted vulnerability reports from a researcher's technical notes. This reduces the non-technical overhead of bounty hunting. The aggregate effect is a productivity multiplier: a skilled researcher using AI tools can generate and submit significantly more valid findings per week than the same researcher without AI. For program operators, this means submission volume is increasing without a proportional increase in researcher count.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
Triage Strain from AI-Assisted Submissions
Bug bounty triage is the bottleneck in most mature programs. A typical triage workflow involves reading the report, attempting to reproduce the finding in a test environment, checking the finding against the duplicate database, assessing severity using the program's scale, and communicating with the researcher. This takes anywhere from 30 minutes to several hours per report for a skilled triager, depending on complexity. When AI-assisted researchers submit at higher rates, triage load increases proportionally. The problem is compounded by quality variation in AI-generated reports. High-quality AI-assisted reports include a clear description, reproducible steps, and a working PoC. Low-quality AI-generated reports may include technically accurate vulnerability descriptions that are not actually exploitable in the target context, false positives generated by AI that misread the application's behavior, or findings that are technically valid but explicitly out of scope. All of these require triage time to evaluate and close, even when the outcome is 'not applicable' or 'out of scope.' Several large bug bounty programs have reported increases in triage-to-paid ratios: the percentage of submitted reports that result in a bounty payment has declined as submission volume has increased, suggesting that a larger fraction of submissions are invalid, duplicate, or out of scope. This is consistent with AI-assisted research generating more volume with more variability in quality.
“The triage team is the rate limiter. When submission volume doubles and triage capacity does not, the program degrades: response times lengthen, researcher satisfaction drops, and valid critical findings sit in the queue.”
Bug bounty program operations principle, increasingly relevant in the AI-assisted research era
Platform Responses: HackerOne and Bugcrowd Policies
Both HackerOne and Bugcrowd have been updating their platforms and policies in response to AI-assisted research, though neither has published a comprehensive AI policy as of mid-2026. HackerOne has invested in automated duplicate detection using semantic similarity analysis rather than exact string matching, which helps catch AI-assisted reports that describe the same vulnerability in different words. The platform has also updated its program policy templates to allow program managers to add explicit AI-related rules of engagement, such as requiring disclosure of AI tool usage or prohibiting fully autonomous AI submissions. Bugcrowd has taken a similar approach, updating its vulnerability submission guidelines to address AI-generated content and investing in triage tooling that flags high-volume submitters for additional review. Both platforms face the same fundamental challenge: AI-assisted research is a spectrum from 'used ChatGPT to proofread my report' to 'used an autonomous AI agent that found and documented the vulnerability without human involvement.' Drawing a principled policy line anywhere on that spectrum is difficult. The practical consensus emerging from both platforms is to focus on report quality and validity rather than the tool used to generate it: a valid, reproducible, in-scope finding is payable regardless of how it was found, while an invalid or out-of-scope finding is not payable regardless of whether a human or AI generated it.
Duplicate Detection and AI Submissions
Duplicate handling is one of the most operationally sensitive aspects of bug bounty programs. A researcher who submits a valid finding and receives a 'duplicate' response feels the program is unfair if the previous report that 'duplicated' theirs was AI-generated by a competitor. This creates a first-mover dynamic where AI tools that can submit more quickly have a systematic advantage over human researchers who take more time to write careful reports. The fairness implications are significant for the researcher community. Several program-level policies can mitigate this. Time-gating duplicates: a policy that pays the first three independent submitters who found a vulnerability independently, rather than only the first, reduces the winner-take-all dynamic. Quality-over-time: a policy that pays the most detailed and complete report rather than the earliest report incentivizes quality over speed, which disadvantages low-quality AI spam. Researcher history weighting: platforms that track researcher quality metrics can give established high-quality researchers a grace period before marking their submissions as duplicates of lower-quality submissions. For program managers, the most important operational change is ensuring that automated duplicate detection is tuned for semantic similarity (same vulnerability, different description) rather than syntactic matching (same description). AI-generated reports for the same vulnerability will vary in phrasing while describing identical issues.
How Glasswing CVD Bypasses the Bounty Model
Project Glasswing represents a fundamentally different model for AI vulnerability discovery at scale. Rather than operating through a bounty platform, Glasswing operates as a coordinated vulnerability disclosure (CVD) program: Anthropic's Claude Mythos AI discovers vulnerabilities, Anthropic coordinates disclosure directly with affected organizations through a defined disclosure timeline, and findings are published after remediation. The 1,596 CVD disclosures and 9 confirmed CVEs from Glasswing all arrived through this direct channel. Organizations that received Glasswing findings were not managing them through HackerOne or Bugcrowd. They were receiving direct notification from Anthropic with remediation guidance and a disclosure timeline. This creates a category of AI-discovered vulnerabilities that bug bounty program managers may not be tracking in their vulnerability management systems, may not have a defined response process for, and may not be communicating to their bounty program researchers (who might otherwise find the same vulnerability and expect to be paid). Program managers should establish a CVD intake process for receiving and triaging AI-discovered findings from programs like Glasswing, separate from their bounty triage workflow, with clear ownership and escalation paths.
Whether CVD and Bug Bounties Complement Each Other
The relationship between CVD programs like Glasswing and bounty programs like HackerOne is not zero-sum, but it requires deliberate coordination to avoid gaps and conflicts. Three areas require explicit policy decisions. Duplicate handling across channels: if Glasswing discloses a vulnerability to an organization and an independent bounty researcher submits the same vulnerability through HackerOne the next week, the organization needs a policy for how to handle the bounty submission. Options include paying as a duplicate acknowledgment, declining with an explanation, or defining a grace period after CVD disclosure during which submissions for the same vulnerability are eligible for reduced bounties. Disclosure timing coordination: Glasswing operates on a defined disclosure timeline, typically 90 days from discovery to public disclosure. If a bounty program has different disclosure SLAs, the organization needs to reconcile the two timelines. Credit attribution: researchers who find vulnerabilities that were already found by AI may feel they deserve credit for independent discovery. A policy that acknowledges independent parallel discovery, even without full bounty payment, maintains researcher goodwill. The strongest programs in 2026 treat CVD and bounty as complementary channels: CVD for systematic AI-discovered findings in critical infrastructure, bounty for the long tail of application-layer findings that human researchers are well-positioned to find, and clear coordination policies for the overlap.
Bug Bounty Program Manager Checklist for the AI Era
Program managers can update their programs for the AI era through a set of specific policy and operational changes. Scope update: review whether the rules of engagement address AI-assisted testing. If not, add explicit language: AI-assisted research is permitted provided reports meet the quality, reproducibility, and in-scope requirements applied to all submissions. Volume quality gates: consider adding a quality gate that closes low-quality reports (missing PoC, non-reproducible, out-of-scope) within a defined SLA with a standardized response, rather than spending full triage time on clearly invalid AI-generated spam. CVD intake process: establish a formal CVD intake workflow for receiving AI-discovered findings from programs like Glasswing, with defined ownership, escalation paths, and communication templates. Triage tooling upgrade: ensure duplicate detection is using semantic similarity rather than exact matching, and invest in triage automation for the most common report types (IDOR, XSS, SSRF) to reduce manual triage load. Researcher communication: publish a clear policy statement on AI-assisted research so researchers know the program's position. Ambiguity creates frustration and disputes. Bounty economics review: if submission volume has increased without a proportional increase in valid findings, review payout structures. Some programs have shifted to minimum quality requirements before a report is eligible for any bounty, reducing the incentive to submit low-quality AI-generated noise.
Subscribe to unlock Remediation & Mitigation steps
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
Updating Scope and Rules of Engagement for AI-Assisted Research
The rules of engagement section of a bug bounty program policy has historically addressed automated scanning (typically restricted or prohibited), rate limiting (required to avoid DoS), and authentication states (which accounts researchers may test with). AI-assisted research introduces new questions that existing rules of engagement do not answer. Is an AI agent that autonomously discovers and submits vulnerabilities considered 'automated scanning' under the existing rules? Most existing rules were written to prevent aggressive web scanners, not autonomous AI research agents, but the language may be ambiguous. Program managers should update rules of engagement to address three specific questions. First, is AI-assisted research permitted, and if so, are there conditions? The recommended policy is to permit AI-assisted research with the same quality and scope requirements as human research. Second, are fully autonomous AI agents permitted to submit reports without human review? The recommended policy is to require that a human researcher review and attest to the validity of any AI-generated submission before it is submitted to the program. Third, does the use of AI tools require disclosure in the report? Requiring AI disclosure allows programs to track adoption trends and evaluate whether AI-assisted submissions have different quality characteristics, without prohibiting the research.
AI-Era Program Policy Update and Triage Workflow
The complete AI-era bug bounty program policy update checklist, rules of engagement language templates, CVD intake workflow, and triage automation configuration guides are available in the Mythos Brief. The Brief includes annotated policy language you can adapt for HackerOne and Bugcrowd program policies, a CVD response communication template for Glasswing-style disclosures, and a duplicate detection configuration guide for both platform native tools and custom implementations.
Subscribe to unlock Remediation & Mitigation steps
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
The bottom line
Bug bounty programs remain a valuable security investment, but the AI era is changing the operational assumptions they were built on. AI-assisted researchers submit more findings at higher volume, straining triage capacity and requiring updated duplicate detection and quality gate policies. AI-powered CVD programs like Project Glasswing bypass the bounty model entirely, delivering findings directly to organizations outside the HackerOne or Bugcrowd channel. Program managers who update their rules of engagement, establish CVD intake processes, and invest in triage automation will continue to get value from their programs. Those who do not will face increasing operational strain as AI-assisted submission volume grows. The complete AI-era program policy update, triage workflow templates, and CVD response guides are in the Mythos Brief, available free at decryptiondigest.com/mythos-brief.
Frequently asked questions
Can AI submit bug bounty reports?
Technically yes, but most platform policies have not fully addressed it. AI systems can generate vulnerability reports, including technical descriptions and proof-of-concept code. The HackerOne and Bugcrowd policies as of mid-2026 do not explicitly prohibit AI-generated reports, though both platforms have been updating their policies to address AI-assisted submissions. The substantive question is not whether the report was AI-generated but whether the report is accurate, reproducible, and within scope. A valid AI-generated bug report is a valid report. The risk programs face is a volume increase in low-quality AI-generated reports that require triage time to evaluate and close.
How is HackerOne handling AI-discovered vulnerabilities?
HackerOne has been updating its platform policies and triage tooling to address AI-assisted submissions as of 2025-2026. The platform has invested in automated duplicate detection to catch cases where multiple AI tools submit similar reports for the same vulnerability, and has updated program policy templates to allow program managers to add rules of engagement for AI-assisted research. HackerOne has also engaged directly with the research community through its hacker-powered security reports to track AI adoption among its researcher base. Specific policy details vary by program: program managers control whether to add AI-specific rules of engagement.
Does Glasswing compete with bug bounty programs?
Glasswing operates via coordinated vulnerability disclosure (CVD), not via bug bounty programs. This means the findings generated by Claude Mythos for partner organizations arrive through a direct CVD channel, not through HackerOne or Bugcrowd. For organizations that are both Glasswing partners and bug bounty program operators, these are parallel channels: Glasswing findings arrive via CVD with coordinated disclosure timelines, while bounty submissions continue through the normal platform. The two channels can produce duplicate findings: if Mythos and an independent researcher both find the same vulnerability, the organization may receive the finding through both channels. Program managers should have a clear duplicate handling policy that covers CVD-versus-bounty duplicates.
Should I add AI to my bug bounty program scope?
This is the right question to ask, but the answer depends on what you mean. If the question is whether AI systems should be permitted to submit reports to your bug bounty program, the emerging consensus is yes, with conditions: AI-generated reports must meet the same quality, reproducibility, and in-scope requirements as human-generated reports, and programs may add volume limits or quality gates for AI-assisted submissions. If the question is whether AI systems like Claude Mythos should be in scope as targets for your bug bounty program, that is a different question about whether researchers should test the AI components of your product. Most programs treat AI systems as any other in-scope application: testing for standard vulnerability classes (injection, authentication bypass, data exposure) with the AI-specific attack surface (prompt injection, model extraction) as an extension.
How do I handle duplicate reports from AI tools?
Duplicate handling for AI-generated reports requires the same process as human duplicates: the first valid, in-scope report for a given vulnerability receives credit, and subsequent reports for the same vulnerability are marked as duplicates. For AI-assisted submissions, the volume of potential duplicates increases because multiple researchers may be using similar AI tools against the same target. Automated duplicate detection (already a platform feature on HackerOne and Bugcrowd) is the primary mitigation. Program managers should also consider adding a rule of engagement that requires researchers to verify their finding is not already in the duplicate list before submission, which reduces noise but requires platform support for current duplicate exposure.
How should bug bounty triage SLAs change when AI-assisted submissions arrive at higher volume?
AI-assisted submission volume increases the absolute number of reports without proportionally increasing the fraction of high-quality, payable findings, which strains triage SLA adherence. The most effective adjustment is a two-tier SLA: a fast-track closure SLA of 48 hours for clearly invalid or out-of-scope reports (using automated quality gates to pre-filter) and a standard triage SLA of five to seven business days for reports that pass the quality gate and require manual validation. Implement quality gates as pre-triage automation: Semgrep or platform-native SAST scans on any submitted proof-of-concept code, format validation checks ensuring all required fields are populated, and scope matching against the program's defined target list. Reports that fail quality gates receive a standardized automated response within 24 hours rather than consuming triager time. This two-tier structure keeps triager bandwidth focused on the fraction of AI-assisted submissions that are valid and exploitable, which is where your program's security value actually lies.
Sources & references
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
