The AI Era Is Creating a Bug Hunting Arms Race (www.wired.com)

The landscape of bug hunting is rapidly evolving due to the emergence of sophisticated AI tools capable of autonomously discovering software vulnerabilities and developing exploits. This shift has intensified competition within bug bounty programs, with researchers reportedly submitting three times more vulnerabilities than before. Notably, tech giants like Google may soon face increased expenditures on bug payouts, as organizations struggle to keep up with the influx of reports stemming from both AI-driven discoveries and conventional submissions. As researchers adapt, the incentives for ethical hunters and the nature of vulnerability disclosures are subject to considerable change. Significantly, the traditional 90-day responsible disclosure window is being challenged as AI accelerates the pace of both vulnerability discovery and exploit development. This urgency has already led some companies, including Google, to revise their bug bounty structures, adjusting payouts to better align with the evolving risk landscape. However, the influx of low-quality submissions generated by AI tools has posed challenges, prompting organizations like Curl to terminate their bug bounty programs due to overwhelming and often unfounded reports. To navigate these complexities, experts advocate for building more robust digital infrastructures to mitigate vulnerabilities, recognizing that merely patching systems may no longer suffice to address the mounting challenge posed by AI-enhanced bug hunting.