Over the past 12 months bug bounties have begun offering increased payouts and broader scope. Traditional web and mobile categories are being supplemented by an increased focus on AI systems and critical infrastructure.
“In the past year, Accenture has seen bug bounty go AI-assisted at scale: Researchers lean on AI, programs incorporate AI systems in bounty scope, and prompt-injection findings have surged,” Ryan Whelan, Accenture global cyber intelligence lead, tells CSO.
“Vendors now pay for full exploit chains, not one-off bugs,” Whelan says, adding that this shows how the bug bounty market has matured to reward researchers for vulnerabilities that have “real-world impact and reproducibility.”
