AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
Sarah Gooding
May 6, 2025
Bug bounty programs, once celebrated for incentivizing independent researchers to report real-world vulnerabilities, are now under siege from a new, low-effort grift: AI-generated fake vulnerability reports, a phenomenon that falls under the broader category of “AI slop.” These reports are increasingly wasting maintainers’ time and, alarmingly, are getting rewarded with payouts.
AI slop vulnerability reports are automatically generated by large language models (LLMs) but lack any basis in real software behavior or code.
This week, security researcher Harry Sintonen revealed that the curl project was targeted with a fraudulent vulnerability report, submitted via HackerOne. The report, H1 #3125832, was flagged by the curl team as AI-generated slop: it cited nonexistent functions, included unverified patch suggestions, and described vulnerabilities that couldn't be reproduced.
Despite its technical-sounding language, the report quickly fell apart under expert scrutiny. Sintonen cited some of the qualities of the HackerOne report that curl received:
It looks convincing at a glance, especially if you're not a subject matter expert.
It's vague about actual repro steps. It makes it impossible for the victim project to reproduce the issue. For example, it makes up fake patches against non-existent, imaginary code.
It refers to functions and methods that do not exist (in case someone tries to look for them). When confronted, the attacker referred to some old or new versions of components, using non-existent commit hashes.
The report makes up some convincing functionality or names that are novel, but don't really exist.
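The red flags Sintonen lists (functions that do not exist in the code, commit hashes that resolve to nothing, no usable reproduction steps) are mechanical enough that a triager can check the first two against a source checkout before spending expert time on the rest. The script below is an added illustration, not code from the article, the curl project, or HackerOne: it takes a report body, pulls out every identifier written as a call and every 40-character commit hash, and compares them against a tiny constructed codebase and a constructed set of known commits. The project files, the report text and the hash in it are all made up for the example.

```python
import re
from typing import Dict, Set

# Constructed sample codebase for a hypothetical project (not any real project).
CODEBASE: Dict[str, str] = {
    "src/parse.c": (
        "int parse_header(const char *line, size_t len);\n"
        "static int skip_ws(const char *p) { return *p == ' '; }\n"
    ),
    "src/main.c": 'int main(void) { return parse_header("x", 1); }\n',
}

# Constructed set of commit hashes that actually exist in the hypothetical repo.
KNOWN_COMMITS: Set[str] = {"3f2a9c1e4d5b6a7f8e9d0c1b2a3f4e5d6c7b8a90"}

# Constructed report in the style described in the article: confident wording,
# invented function names, a fabricated commit hash, and no repro steps.
REPORT = """Title: Heap overflow in parse_header_unsafe()
Summary: The function parse_header_unsafe() in src/parse.c copies the
header into a fixed buffer without checking len. The helper skip_ws() is
also affected. Introduced in commit deadbeefcafe1234567890abcdef1234567890ab.
Suggested patch: replace parse_header_unsafe() with parse_header_safe().
Impact: remote code execution.
"""

# An identifier immediately followed by "(" - a call or a definition.
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
# Full-length git object ids only; short hashes collide with ordinary words.
HASH_RE = re.compile(r"\b[0-9a-f]{40}\b")
# Headings a real report normally carries; absence is a red flag, not proof.
REPRO_RE = re.compile(r"steps to reproduce|proof of concept|\bpoc\b", re.I)


def referenced_functions(text: str) -> Set[str]:
    """Every name the text writes as a function call."""
    return set(CALL_RE.findall(text))


def identifiers_in_code(codebase: Dict[str, str]) -> Set[str]:
    """Every name that appears as a call or definition anywhere in the tree."""
    names: Set[str] = set()
    for content in codebase.values():
        names.update(CALL_RE.findall(content))
    return names


def triage_report(report: str, codebase: Dict[str, str], known_commits: Set[str]) -> dict:
    """Return the mechanical red flags found in a report, for a human to weigh."""
    missing = sorted(referenced_functions(report) - identifiers_in_code(codebase))
    unknown = sorted(set(HASH_RE.findall(report)) - known_commits)
    has_repro = REPRO_RE.search(report) is not None
    return {
        "missing_functions": missing,
        "unknown_commits": unknown,
        "has_repro_steps": has_repro,
        # One point per category tripped; the score orders the queue, it does not close reports.
        "red_flags": int(bool(missing)) + int(bool(unknown)) + int(not has_repro),
    }


if __name__ == "__main__":
    result = triage_report(REPORT, CODEBASE, KNOWN_COMMITS)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Against the constructed input the helper reports two functions the tree has never contained, one commit hash the repository does not know, and no reproduction section, which is exactly the pattern described above. The score is meant to decide which report a subject matter expert reads first, not to auto-close anything: a genuine report can legitimately name a function from an unreleased branch or omit a formal repro heading, so a flagged report still needs the human look the article says is expensive.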
The attacker, linked to the @evilginx account, appears to have used similar tactics against other organizations and has received bug bounty payouts in some cases.
But in curl's case, the scam didn’t work. Unlike many corporate bug bounty programs, curl is a highly technical open source project with deep expertise and no budgetary pressure to approve questionable reports. They recognized the submission as junk.
“The attacker miscalculated badly,” Sintonen said. “Curl can smell AI slop from miles away.”
Bug bounty programs at under-resourced organizations often lack the internal expertise to vet reports properly. Rather than invest in subject matter experts, some simply pay the bounty to avoid delays or PR fallout. Others may use bounty programs as window dressing for security theater, rewarding reports regardless of substance.
"An expert’s look at the report shows the number of discrepancies, but finding them takes time and effort," Sintonen said. "It requires attention from a subject matter expert, with limited resources.
"The real exploit here is that the attacker (evilginx) exploits the fact that the victims (the orgs who paid the attacker money) don't have the capacity to perform thorough analysis and rather just pay up. TL;DR: It's cheaper to pay the bug bounty than hire an expert to perform true analysis."
Benjamin Piouffle, a software engineer at Open Collective, reports that they are seeing a similar trend with their bug bounty program.
"Our inbox is flooded with AI garbage," Piouffle said. "We're managing to filter them because our volume is reasonable and our reviewers are technical (similar to curl's situation).
"We may ultimately need to migrate to a platform like HackerOne and restrict submissions to verified researchers (we currently handle everything manually). All this will eventually make it harder for junior researchers to break into the industry."
This incident reflects a broader trend, as previously reported by Seth Larson, the Python Software Foundation's Security Developer-in-Residence. Larson sits on the security report triage team for CPython, pip, urllib3, Requests, and other open source projects, where open source maintainers' time is increasingly being wasted by reviewing AI-generated vulnerability reports.
"The issue is in the age of LLMs, these reports appear at first glance to be potentially legitimate and thus require time to refute," Larson said.
"Some reporters will run a variety of security scanning tools and open vulnerability reports based on the results seemingly without a moment of critical thinking. For example, urllib3 recently received a report because a tool was detecting our usage of SSLv2 as insecure even though our usage is to explicitly disable SSLv2."
This isn't about LLMs making honest mistakes. It’s about deliberate misuse: exploiting the weak points of bug bounty triage systems with fabricated security reports that are good enough to pass a quick glance, but entirely fake.
The concern isn’t limited to one bad actor. It’s a structural problem: as tools to generate plausible-sounding technical text improve, so does the temptation to grift.
"The fact that HackerOne hasn't banned this user (and many others!) after the first obviously bullshit report is what I'm concerned about," Joe Cooper commented on Mastodon. "If they're allowing these folks to attack projects like this, they aren't doing what they're paid to do. The long-term credibility of researchers on the platform is the only value HackerOne brings to the table."
There’s no simple fix. More stringent report validation, researcher verification, or even AI-assisted triage might help. But at its core, this is a human problem: will organizations invest in real expertise, or continue rewarding fakery because it’s easier?
Sintonen predicts that it's only going to get worse.
"This could easily kill the whole concept of bug bounties," he said. "Why? Genuine researchers quit in frustration as they don't get proper reward for their hard work, and see AI slop scoop the money. Orgs/projects abandon bug bounty programs since they get mostly AI Slop reports. Financial backing (as donations or investment) for bug bounty programs disappears as the money is paid to scammers."
Submitting fake or low-quality reports can lead to a loss of reputation on HackerOne, which limits how many reports a user can submit and reduces their access to private programs. This may not be enough to deter the growing problem of AI slop reports. In this particular instance the reporter closed the report and changed the status to "Not Applicable," which does not impact reputation. The curl project elected to disclose the report.
This incident exposes just how fragile the bug bounty model can be when trust, triage, and incentives break down. The growing presence of AI-generated slop reports is making it harder for bug bounty programs to operate effectively. They divert limited attention from real vulnerabilities, add friction between maintainers and researchers, and chip away at the trust these programs depend on. If bug bounty programs are to remain a reliable part of the security ecosystem, platforms like HackerOne will need to adapt to prevent this abuse of maintainers, and organizations will need to uphold higher standards when triaging reports.