AI Slop Floods Bug Bounty Programs as Companies Struggle with Fake Posts
Compiled by KHAO Editorial — aggregated from 1 source + 4 references discovered via search.
Artificial intelligence is creating a new headache for companies that rely on bug bounty programs to uncover software vulnerabilities.
Key facts
- Bug bounties have also become big business, with companies including Meta, Microsoft, Apple, and Crypto
- In April, Claude Mythos identified 271 vulnerabilities in Mozilla Firefox during internal testing, while earlier this month, security researchers said a preview version of the model helped develop
- Users on Myriad—a prediction market platform operated by Decrypt's parent company, Dastan—don't believe that Claude Mythos will be released publicly by the end of June, currently penciling in 18%
- In March, Anthropic introduced Mythos, a cyber-focused AI model that the company says can identify vulnerabilities faster than humans
Summary
Companies running bug bounty programs report a sharp increase in low-quality AI-generated submissions. HackerOne and Nextcloud both suspended bug bounty programs after waves of fake reports. Security firms say AI tools are changing bug hunting by making it easier to submit reports at scale. Cybersecurity firms and open-source software projects are dealing with a surge of AI-generated bug reports, many of which are false or misleading.