The 'Internet Bug Bounty Program' has stopped accepting new submissions due to the increased number of bugs discovered by AI.

Security firm HackerOne has announced that it will stop accepting new submissions to its Internet Bug Bounty Program. The company cites the increased speed and number of bugs discovered through AI as the reason.
Internet Bug Bounty | Bug Bounty Program Policy | HackerOne
https://hackerone.com/ibb?type=team
Internet Bug Bounty program hits pause on payouts | InfoWorld
https://www.infoworld.com/article/4154210/internet-bug-bounty-program-hits-pause-on-payouts.html
The Internet Bug Bounty Program (IEBUG) is a program that provides rewards for security research related to vulnerabilities affecting 'open-source software projects.' Its aim was to contribute to the continuous improvement of security in open-source projects by soliciting vulnerability reports from a wide range of developers.
Starting March 27, 2026, new applications for this program will be suspended. HackerOne stated, 'AI-powered research is expanding the scope of vulnerability discovery and improving the comprehensiveness and speed of discovery. We are temporarily suspending applications while we consider the necessary structures and incentives to further advance the goals of this program.'
In recent years, the development of generative AI has made it easier to find bugs, and even AI tools specifically designed for bug detection have been developed, so the significance of running bounty programs using existing methods is diminishing.
AI bug detection system 'Sashiko' developed by Google employee, named after the Japanese embroidery technique 'sashiko,' detects undiscovered bugs in the Linux kernel one after another - GIGAZINE

The Internet Bug Bounty Program has been running since 2012 and has paid out a total of over $1.5 million (approximately 240 million yen) to developers to date.
HackerOne stated that 'the balance between discovery and remediation in open source has substantially changed,' and that they will continue to work with project maintainers and researchers to optimize incentives to better reflect the realities of open source.
While several organizations are working on bug bounty programs, some, like HackerOne, have stopped accepting new reports due to the impact of AI. For example, the open-source networking tool cURL has temporarily suspended new submissions after receiving a large number of low-quality vulnerability reports generated by AI.
cURL suspends bug bounty program due to repeated low-quality vulnerability reports generated by AI - GIGAZINE
