HackerOne suspends IBB program submissions amid AI-driven vulnerability discovery surge

1 unique source, 1 article

Summary

HackerOne suspended new vulnerability submissions to its Internet Bug Bounty (IBB) program on March 27, 2026, citing a critical imbalance between AI-assisted vulnerability discovery rates and the limited remediation capacity of open source maintainers. The decision reflects the broader challenge of managing exponential increases in low-to-medium quality vulnerability reports generated by AI tools, which overwhelm volunteer-driven open source projects. The move has prompted downstream impacts, including the temporary suspension of the Node.js project’s bug bounty program due to funding loss through IBB. Industry experts characterize this as a structural shift in the vulnerability discovery and remediation pipeline, where discovery has been industrialized while remediation remains under-resourced and human-scale.

Timeline

  1. 08.04.2026 22:47 · 1 article

    HackerOne pauses IBB submissions to address AI-driven vulnerability report surge

    HackerOne suspended new vulnerability submissions to the Internet Bug Bounty (IBB) program on March 27, 2026, citing an unsustainable imbalance between AI-assisted discovery rates and the limited remediation capacity of open source maintainers. The decision reflects the overwhelming volume of plausible but non-exploitable vulnerability reports generated by AI tools, which has reduced the signal-to-noise ratio in crowdsourced programs and diverted maintainer resources from actual remediation efforts.

Information Snippets

  • HackerOne suspended new vulnerability submissions to its Internet Bug Bounty (IBB) program on March 27, 2026, citing a worsening imbalance between vulnerability discovery and remediation capacity in open source projects.

    First reported: 08.04.2026 22:47
    1 source, 1 article
  • AI-assisted vulnerability discovery has increased the volume of plausible but often non-exploitable findings, reducing the percentage of valid submissions from approximately 15% to below 5% in some programs.

    First reported: 08.04.2026 22:47
    1 source, 1 article
  • The Node.js project paused its bug bounty program following the IBB suspension, citing loss of funding previously routed through HackerOne and the lack of independent budget for sustaining a bounty program.

    First reported: 08.04.2026 22:47
    1 source, 1 article
  • Industry leaders note that AI has compressed the time to find vulnerabilities but has not addressed the human bottleneck in triage, validation, and remediation, particularly for volunteer-maintained open source projects.

    First reported: 08.04.2026 22:47
    1 source, 1 article
  • Stakeholders propose rebalancing incentives toward remediation funding, including mechanisms that reward researchers for submitting fixes or creating shared pools to fund both discovery and patch development.

    First reported: 08.04.2026 22:47
    1 source, 1 article