The AI Era Is Creating a Bug Hunting Arms Race
The rise of AI-powered bug hunting is flooding vulnerability disclosure programs and changing the economics of bug bounties for institutions and researchers.

A decade ago, programs to reward researchers for submitting software vulnerability findings were just starting to gain traction. These vulnerability disclosure and 'bug bounty' programs marked a significant shift in how institutions approached security research findings, moving from hostility and defensiveness to acknowledgement that receiving input and releasing fixes was necessary. When Apple finally announced a bug bounty in 2016, the top reward was $200,000.
This amount rose to $1 million in 2019 and $2 million last year. But with the advent of agentic AI models that can autonomously identify software vulnerabilities and develop exploits, these programs are being flooded as organizations are finding more bugs than ever before. This abundance is changing the economics of bug bounties for both institutions soliciting submissions and researchers who make a living or supplement their income with bug hunting.
'I've probably submitted three times more bugs than I did last year at this time—I would suspect that a company like Google is going to spend two to 10 times as much on bug payouts as they did last year,' says independent security researcher Joseph Thacker, who has developed methods and tools for using AI in his own bug hunting. The field is changing in lockstep for attackers, too. Tech giants can handle the pressure, but most companies can't, Thacker adds.
'Right now people will be submitting low- and medium-hanging fruit—agents are finding really good bugs. But next year there will be fewer bugs submitted because a lot of that will already have been found, and I think some companies will up their payouts again.' Thacker and other researchers readily admit that no one knows exactly how the supply and demand dynamics will play out long term. The effectiveness of AI exploit discovery and automated system scanning could also put pressure on developers to release patches quickly, potentially shortening longstanding and hard-won norms like the 90-day disclosure deadline.
As security researcher Himanshu Anand wrote earlier this month, 'The 90 day responsible disclosure window was built for a world where bug finders were rare and exploit development was slow. That world is gone. LLMs have compressed both timelines.' Forced accountability by attackers could also motivate improvements in how quickly organizations deploy vulnerability fixes in their systems.
The urgency of real-world attacks facilitated by AI seems to be growing, with both sophisticated and less-proficient actors looking to expand their capabilities and cut costs. Google researchers recently observed 'prominent cyber crime threat actors' attempting to exploit a zero-day vulnerability, developed using AI tools, to bypass two-factor authentication on an open source system administration platform. Google quickly notified the developer, who issued a fix for the flaw.
Source: Wired