HackerOne has recorded 85,000 valid bug bounty submissions in 2025, marking a 7% increase from 2024, as artificial intelligence tools reshape how security researchers identify vulnerabilities across crypto and web3 platforms. The surge signals both opportunities and challenges for blockchain security teams and professionals.
AI Transforms Vulnerability Discovery
The growth in submissions comes as security researchers increasingly leverage AI-powered tools to scan codebases and identify potential exploits more efficiently. This technological shift is changing the skillset requirements for blockchain security professionals, who must now balance traditional auditing expertise with proficiency in AI-assisted analysis tools.
However, the platform also reports a concerning trend: the rise in low-quality or "slop" submissions. Some researchers are using AI to generate bulk reports without proper verification, creating additional work for security teams tasked with triaging submissions. This has prompted bug bounty programs to refine their evaluation criteria and invest more resources in filtering genuine vulnerabilities from automated noise.
Implications for Crypto Security Teams
For web3 organizations running bug bounty programs, the data suggests a growing need for experienced security professionals who can effectively evaluate AI-generated submissions and distinguish between legitimate findings and false positives. This trend creates new hiring demands for:
- Senior security engineers with expertise in AI tool assessment
- Bug bounty program managers who can optimize filtering processes
- Smart contract auditors who understand both traditional and AI-assisted methodologies
The increase in valid submissions also indicates that blockchain protocols face persistent security challenges, reinforcing the importance of comprehensive security practices. Organizations that maintain active bug bounty programs demonstrate their commitment to security, potentially attracting top talent seeking employers with robust security cultures.
For security researchers in the crypto space, the evolving landscape presents both opportunity and competition. Professionals who can effectively combine AI tools with deep technical knowledge will likely command premium bounties, while those relying solely on automated tools may struggle to differentiate themselves in an increasingly crowded field. The key for career advancement lies in developing genuine expertise that complements, rather than depends on, AI capabilities.
