The AI Era Is Creating a Bug Hunting Arms Race

https://media.wired.com/photos/6a0e3a04aa8901b570a25720/191:100/w_1280,c_limit/security_bug_gettyimages.jpg

A decade ago, programs to reward researchers for submitting software vulnerability findings were just starting to go mainstream. Vulnerability disclosure and “bug bounty” programs represented a paradigm shift years in the making—moving institutions from hostility and defensiveness about security research findings to acknowledgement that receiving input and releasing fixes was necessary. When Apple finally announced a bug bounty in 2016, the top reward was $200,000. It rose to $1 million in 2019 and $2 million last year. But all of that is about to change again.

As agentic AI models become more adept at both autonomously identifying software vulnerabilities and developing exploits for them—in other words, identifying weaknesses and creating hacking tools—vulnerability disclosure programs are being flooded just as organizations are finding more bugs than ever themselves. This abundanceis changing the economics of bug bounties for both institutions soliciting submissions and researchers, some of whom currently make a...

Copyright of this story solely belongs to wired.com. To see the full text click HERE

Read more