
AI-powered bug hunting has changed the calculus of what makes for an effective bounty program by accelerating vulnerability discovery — and subjecting code maintainers to ballooning volumes of AI flaw-hunting slop.
Security researchers are using large language models (LLMs) to automate reconnaissance, reverse engineer APIs, and scan codebases faster than ever. By applying AI tools to techniques ranging from fuzzing and exploit automation to pattern recognition across codebases and websites, researchers are discovering flaws at accelerated rates.
“Over the past year, we’ve entered what we call the era of the ‘bionic hacker,’ which is human researchers using agentic AI systems to collect data, triage, and advance discovery,” says Crystal Hazen, senior bug bounty program manager at HackerOne, which has added AI tools to its platform to help streamline submissions and triage.
