Internet Bug Bounty Pauses Payouts, Citing 'Expanding Discovery' From AI-Assisted Research (infoworld.com)
- Reference: 0181340234
- News link: https://it.slashdot.org/story/26/04/06/0113254/internet-bug-bounty-pauses-payouts-citing-expanding-discovery-from-ai-assisted-research
- Source link: https://www.infoworld.com/article/4154210/internet-bug-bounty-program-hits-pause-on-payouts.html
Running since 2012, the program is funded by "a number of leading software companies," [2]reports InfoWorld, "and has awarded more than $1.5m to researchers who have reported bugs."
> Up to now, 80% of its payouts have been for discoveries of new flaws, and 20% to support remediation efforts. But as artificial intelligence makes it easier to find bugs, that balance needs to change, HackerOne [3]said in a statement. "AI-assisted research is expanding vulnerability discovery across the ecosystem, increasing both coverage and speed. The balance between findings and remediation capacity in open source has substantively shifted," said HackerOne.
>
> Among the first programs to be affected is the Node.js project, a server-side JavaScript platform for web applications known for its extensive ecosystem. While the project team will continue to accept and triage bug reports through HackerOne, without funding from the Internet Bug Bounty program it will no longer pay out rewards, according to an announcement on its website...
>
> [J]ust last month, Google also put a halt to AI-generated submissions provided to its Open Source Software Vulnerability Reward Program.
The Internet Bug Bounty stressed that "We have a responsibility to the community to ensure this program effectively accomplishes its ambitious dual purpose: discovery and remediation. Accordingly, we are pausing submissions while we consider the structure and incentives needed to further these goals..."
"We remain committed to strengthening open source security. Working with project maintainers and researchers, we're actively evaluating solutions to better align incentives with open source ecosystem realities and ensure vulnerability discoveries translate into durable remediation outcomes."
[1] https://hackerone.com/ibb?type=team
[2] https://www.infoworld.com/article/4154210/internet-bug-bounty-program-hits-pause-on-payouts.html
[3] https://hackerone.com/ibb?type=team
Sooo (Score:2)
More open source is falling prey to the spray and pray tactics of AI bug reporting?
AI replacement (Score:2)
I've argued for a while, AI may not take all jobs, but it certainly will cut down on the number of hires.
So instead of several testers, and a team of back-end and front-end devs, depending on the size of the company, they can get away with half or a quarter of the team.
Sadly as AI gets ever more advanced, I envision a time perhaps in a year or two where the senior dev is left mostly just reviewing pull requests generated by AI.
AI is already taking away design opportunities, and you only have to look at some of the profes
The great adjustening of labor value (Score:1)
I think this is a pretty great bottled example of, well, how AI can be simultaneously super transformative to society and at the same time how companies like OpenAI and Anthropic can be insanely overvalued and presenting a colossal bubble of sentiment that's never going to see long term return on investment.
A lot of the currently seemingly lucrative uses of AI that promise to make big bucks for anyone with their fingers in the pie are based on observations that hey; there's this whole million dollar market that
Flashbacks (Score:2)
This reminds me of the Bitcoin Faucet and AllAdvantage. All it takes is a shift in demand or technology and suddenly your operating model falls apart. Welcome to the Internet.
I didn't read the article... (Score:2)
...but that sure won't stop me from passing judgment!
This sounds like a clear case of "AI makes it so easy to find bugs now, that we don't need to pay out cash to incite others to do it anymore."