Regardless of the size of the rewards, AI agents have saturated public bug bounties.
A recent experiment conducted on the Algora platform bears this out. Its author used Claude, armed with a $20 budget, to pick “small” issues, craft fixes, and submit them after human review.
Submitting PRs wasn’t the problem; getting them accepted was another matter. Systematically, even when the reward was only a few tens of dollars, the author’s PRs ended up queued behind a flood of AI-generated submissions. The maintainers, overwhelmed by the volume, tended to select a single PR—often the first to arrive—and reject the rest.
A “victim of slop” halts its bug bounty
This situation pushed Turso to abandon its bug bounty. The American company, which rewrote SQLite in Rust, had put this program in place nearly a year ago. It had pledged $1,000 for any bug capable of corrupting data.
“In recent days, our teams have not done much else than close PRs claiming to have found bugs,” Turso explained when announcing the closure of its bug bounty. It cites a few examples of far-fetched submissions, probably assisted, if not produced, by AI:
- Corruption by injecting random bytes into the database header
- Corruption by modifying the source code to manually add an out-of-bounds access
- A vulnerability allowing the execution of arbitrary SQL queries (which is precisely the product’s core principle)…
At this stage, there were two options, Turso asserts: end the financial incentives or shut down the bug bounty altogether. Automating PR management was an option, but it would come at a cost… and AI has a “potentially infinite” capacity to generate them.
Turso briefly and automatically restricted submissions that appeared to come from bots. But the AIs quickly fought back, opening tickets to request manual reviews, when they weren’t simply resubmitting another PR of a similar nature.