AI: Crypto Companies Overwhelmed by a Bug Bounty Wave

In 2026, artificial intelligence is radically transforming bug bounty programs in crypto. Companies face an unprecedented wave of submissions, often generated by AI, overwhelming security teams. How to distinguish real vulnerabilities from digital noise?

Crypto: AI Causes an Unprecedented Explosion in Bug Bounty Submissions

Since 2025, bug bounty programs in crypto have experienced rapid growth driven by AI. Indeed, there has been a 900% increase in submissions with platforms like HackerOne recording 85,000 valid reports in 2025, 7% more than in 2024. The consequences are multiple. On one hand, programs like curl had to suspend their activities, unable to manage the volume of submissions.

I'm posting a response on behalf of Cosmos Labs.

This is not a security vulnerability. However, it is a bug that the team will address in due course.

There’s no risk to consensus, liveness, or funds as a result of this bug. Furthermore, the reported behavior only shows up if…

— barry (@BPIV400) April 21, 2026

On the other hand, platforms like HackerOne and Bugcrowd are investing heavily in artificial intelligence tools to automate triage and validate vulnerabilities. Despite these efforts, the challenge remains significant. How to maintain the quality and relevance of reports while benefiting from automation? For bug bounty researchers, this revolution demands rapid adaptation. Rewards for critical vulnerabilities requiring human expertise are increasing, while trivial flaws easily detected by AI are seeing their value decrease.

Ethereum More Exposed to AI Risks in Bug Bounties

Ethereum, as a leader in smart contracts and decentralized finance (DeFi), is at the heart of the storm caused by AI in bug bounty programs. With thousands of protocols and decentralized applications (dApps) relying on its blockchain, Ethereum attracts a large number of vulnerability submissions. However, this popularity comes at a price. The platform could be overwhelmed by AI-generated reports, often redundant or low quality, complicating the work of security teams.

The main risk for Ethereum lies in the overload of its triage teams. With a constantly increasing volume of submissions, resources allocated to validating reports diminish, potentially leaving critical vulnerabilities undetected. Investors and users place great importance on protocol security. If vulnerabilities slip through the cracks, trust in the blockchain could erode. 

Artificial intelligence is redefining the rules of bug bounty programs in crypto, with major consequences for blockchains like Ethereum. While AI offers powerful tools for detecting vulnerabilities, it also generates noise that threatens the security and reputation of projects. The real challenge? Finding the balance between automation and human expertise.