Agentic AI · Google · Apple · Wired
When Apple finally debuted a flaw bounty in 2016, the top reward was $200,000
Compiled by KHAO Editorial — aggregated from 1 source + 2 references discovered via search.
It rose to $1 million in 2019 and $2 million last year.
Key facts
- When Apple finally announced a bug bounty in 2016, the top reward was $200,000.
- It rose to $1 million in 2019 and $2 million last year.
- As security researcher Himanshu Anand wrote earlier this month, “The 90 day responsible disclosure window was built for a world where bug finders were rare and exploit development was slow
- “We all assumed it was already happening, and this is our first evidence that it is happening,” John Hultquist, Google Threat Intelligence Group chief analyst, says of attackers using AI to discover
Summary
A decade ago, programs to reward researchers for submitting software vulnerability findings were starting to go mainstream. As agentic AI models become more adept at both autonomously identifying software vulnerabilities and developing exploits for them—in other words, identifying weaknesses and creating hacking tools—vulnerability disclosure programs are being flooded as organizations are finding more bugs than ever themselves. “I’ve probably submitted three times more bugs than I did last year now—I would suspect that a company like Google is going to spend two to 10 times as much on bug payouts as they did last year,” says independent security researcher Joseph Thacker, who has developed methods and tools for using AI in his own bug hunting. Tech giants, he adds, “can handle that pressure, but most companies can’t.