AI bug bounty surges: Cosmos reports +900%, Komodo flags more false alarms

AI bug bounty programs are seeing a sharp rise in submissions as AI helps scan code and draft reports faster. However, the quality is uneven, increasing false positives and adding triage workload for crypto security teams. Cosmos Labs said its AI bug bounty submission volume jumped 900% over the past year (about 20–50 reports per day). Komodo Platform’s CTO, Kadan Stadelmann, also observed higher bounty activity across organizations, with many reports looking low quality or potentially false alarms—possibly because AI lowers the cost of producing vulnerability claims. In response, Cosmos Labs tightened report scoring and gives more weight to trusted researchers with proven track records. It is also working with bounty providers offering stronger triage support to reduce time spent on weak or duplicate submissions. Stadelmann expects smaller teams may need “defensive AI” to filter incoming AI bug bounty reports and manage noise. Broader industry context aligns with this trend: open-source security programs complain about “AI slop” submissions, and HackerOne reported 85,000 valid bug bounty submissions in 2025 (+7% YoY). For traders, this is a security-ops shift rather than a direct token catalyst, but it may affect perceived risk around smart-contract and infrastructure reliability.
Neutral
This news is largely about security operations and the quality-control pipeline of AI-driven bug bounties, not about protocol upgrades, token emissions, regulation, or major breaches. That limits direct price impact on any specific coin. In the short term, the surge in AI bug bounty submissions can increase perceived security diligence, but the higher rate of false positives may also raise short-term operational friction (more triage time, slower validation). Traders might see it as a minor risk-management theme rather than a market-moving catalyst. Over the long term, if teams successfully implement stricter scoring, trusted-researcher weighting, and stronger triage (or “defensive AI”), it could improve vulnerability discovery efficiency and reduce real-world security risk. That is supportive for ecosystem confidence, but the effect is indirect and unfolds gradually. Overall, because the article’s core points concern workload, triage filtering, and noise reduction—not immediate economic fundamentals—the expected market impact on the mentioned cryptocurrency(s) is neutral.